SQL Injection Scanner (scanning only module) - SQI127


Has your data been injected into by a hacker? Download and run this nominally priced tool to find out safely and reliably. Works for SQL Server, MySQL, and Access databases.
NOTE: This does not include a cleaner; for an SQL injection data cleaner, please purchase SQI145C separately.



Latest version: 15 / 30-JUL-2011
From vendor: Big Yellow Zone
Please do not purchase any BigYellowZone products/services or request technical support until you have read and agree with the terms and conditions.
Price: £20.00


Compatibility, Bundling, and Status Notes:
This software includes:
SQI127 (Injection Scanner)

This tool will check every text-based column in every record in every table in any of your databases, and it'll give you a list of candidates for what it thinks may have been injected data.

It's a good way of seeing whether or not you generally have much hacked data before deciding whether or not you need to buy the SQL injection cleaner (see SQI145C).


Technical/Developer Information:
This tool will display the candidate data in a safe way (i.e. so that the hacks themselves don't "execute" while the tool is displaying/finding the hacked text for your information).

It also runs surprisingly quickly (usually finishes within around 30 seconds), so it doesn't tie up your site while you're running it.

It's password protected, so nobody apart from you can run it, meaning that you can safely leave it on your site even when your data is clean, and occasionally run it when you want to double-check your data.

The scanner (SQI127) and cleaner (SQI145C) have separate configurations/files and are independent of each other.


Terms and Conditions:
For terms, conditions, and licensing information for all BigYellowZone products/services, please click here.


Full Version History:
VerNo / Version Date / Release Notes

01 08-MAY-2007
Initial version - Big Yellow Zone SQL Injection Scanner

02 10-MAY-2007
Changed to cater for tables which have non-vpasp standard data types so that it can deal with more types of customised/custom-created tables.
Added record count and field descriptions to display.
Various other cosmetic changes to display the results with better messages/formatting.
Files changed:
README.htm
byz127_install.asp
byz_hack_check.asp

03 16-MAY-2007
Added table exclusion list to config options.
Files changed:
README.htm
byz127_install.asp
byz_hack_check.asp
byz_hack_check_config.asp

04 27-JAN-2008
Added more checks for additional types of hacks.
Changed documentation to be in line with BigYellowKey.com licensing notes.
Affected Files:
README.htm (file changed)
byz127_install.asp (file deleted)
byz_hack_check.asp (file changed)

05 21-FEB-2008
Enhanced to be able to cater for table names and column names that are reserved words or which have special characters in them.
Files changed:
README.htm
byz_hack_check.asp

06 14-JUN-2008
Added the Image column data type for SQL Server database datatype derivation, treating those columns as non-text columns to avoid SQL errors.
Affected Files:
README.htm (file changed)
byz_hack_check.asp (file changed)

07 20-JUL-2008
Completely restructured all files to take account of generic setups (i.e. so that the software is no longer restricted to vpasp databases/systems).
Added additional fall-through logic to find primary keys.
Added primary keyed columns to the list of columns which are potentially checked so that now all columns in a given table which are text-based are checked.
Changed table/column derivation to pick up more tables and to define/find data types better.
All files were affected; if upgrading from a previous version, please back up and then delete any files on your site which have names starting with byz_hack_check, and then install the new version of this software, making sure you read/follow the installation notes carefully.
Prior to V07 this software had been available freely. Due to the amount of time spent on its development from V07 onwards we are no longer able to offer it for free.

08 27-AUG-2008
Changed the generic database config file to give several different examples for various connection types.
Added an explicit button to run the scan, and added an "are you sure?" confirmation alert prompt prior to executing the scan.
Added a separate configuration file to hold the strings to scan for.
Added a form section to check/change the scanning strings.
All files were changed/renamed under this version; if upgrading from V07 or prior, please uninstall/delete your original version and install the new one.

09 06-SEP-2008
Enhanced to be able to cater for special characters for searches, such as newlines.
Enhanced to cater for some potential database-specific problems for case-insensitive string matches.
Affected Files:
README.htm (file changed)
sqi_scan$_config$mysearches.asp (file changed)
sqi_scan_main_inc.asp (file changed)
sqi_scan_screen_inc.asp (file changed)
sqi_scan_tools_inc.asp (file changed)

10 11-OCT-2008
Changed the search string in the first default scanning value to use the special character for the greater-than character which was still remaining in the string.
Added left and right square bracket translations as additional special character fields.
Affected Files:
README.htm (file changed)
sqi_scan$_config$mysearches.asp (file changed)
sqi_scan_screen_inc.asp (file changed)
sqi_scan_tools_inc.asp (file changed)

11 12-OCT-2008
Enhanced to cater for null ASCII values being injected into data, and to also cater for other ASCII characters which can hide the real data from being displayed.
Changed candidate list (re-iteration at the bottom) to use tabular format instead of being on separate lines.
Affected Files:
README.htm (file changed)
sqi_scan_screen_inc.asp (file changed)
sqi_scan_tools_inc.asp (file changed)

12 23-OCT-2008
Obfuscated the code so that hackers find it more difficult to understand how the scanning process works.
Affected Files:
README.htm (file changed)
sqi_scan.asp (file changed)
sqi_scan_common_inc.asp (file changed)
sqi_scan_doit_inc.asp (file changed)
sqi_scan_main_inc.asp (file changed)
sqi_scan_password.asp (file changed)
sqi_scan_password_inc.asp (file changed)
sqi_scan_screen_inc.asp (file changed)
sqi_scan_tools_inc.asp (file changed)
sqi_scan_vars_inc.asp (file changed)
sqi_scan_version.asp (new file)

13 08-DEC-2008
Added extra explicit buffer flushes to avoid Response Buffer Limit Exceeded errors.
Affected Files:
README.htm (file changed)
sqi_scan_main_inc.asp (file changed)
sqi_scan_screen_inc.asp (file changed)

14 26-AUG-2009
Changed description of module and notes on the screen to indicate that it's no longer being given away for free.
Affected Files:
README.htm (file changed)
sqi_scan_main_inc.asp (file changed)
sqi_scan_screen_inc.asp (file changed)

15 30-JUL-2011
Substantial enhancements made to the HTML/logic to make it easier to read the results and easier to track the processing.
Changed it so that during the processing phase it no longer outputs the candidates (just the count), and the details of the candidates are then only shown at the bottom (once the unique set of candidates is found and can be displayed in a single block).
Affected Files:
README.htm (file changed)
sqi_scan_main_inc.asp (file changed)
sqi_scan_password.asp (file changed)
sqi_scan_screen_inc.asp (file changed)