SQL Injection Testing Using SQLMAP

SQL Injection Testing Using SQLmap
SQL Injection Testing Using SQLmap

How to test Web application vulnerability SQL injection (SQLi) by using the SQLMAP (a Penetration Testing suite) in Kali Linux.

What is SQL Injection?

It is a type of an code injection technique that makes it possible to execute malicious SQL queries. That can  control a database server behind a web application. Attackers can gain access of information stored in databases. They can also use SQL Injection to add, modify, and delete records in the database.

What is SQLMap?

sqlmap is an open source penetration testing software that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

So let’s start…

Where we can use Sqlmap?

If you observe a web url that is of the form  “.php?id=” then the website may be vulnerable to this mode of SQL injection, and an attacker may be able to gain access to information in the database.

Note: Developer are using URL rewrites rule in .htaccess for “.php?id=” to “/” its doesn’t mean it’s secure

Requirements

  1. Kali Linux
  2. Vulnerable Web Application
  3. SQlmap

Example as follow

testphp.vulnweb.com/artists.php?artist=1

 

A simple test to check whether your website is vulnerable would to be to replace the value in the get request parameter with an asterisk (‘).

For example testphp.vulnweb.com/artists.php?artist=1′

But, in URL rewrites, this URl testphp.vulnweb.com/artists.php?artist=1 will become
testphp.vulnweb.com/1 ,{id is hidden and the parameter 1 is used in url}

For testing SQL injection in these kind of URLs, we just use our payloads as before, but after the parameter :

testphp.vulnweb.com/1'

Now using the sqlmap to test a webapplication for SQL Injection vulnerability

Step 1:

Open terminal in Kali Linux and type sqlmap  for taking help type sqlmap -h

 Listing the information about the existing databases

we have to enter the web url that we want to check along with the -u parameter and we would want to test whether it is possible to gain access to a database. So we use the –dbs option to do so. –dbs lists all the available databases.

So the command would be

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 --dbs



We get the following output showing us that there are two available databases.

Step 2:

 Listing the information about Tables present in a particular Database

Now use -D to specify the name of the database that we wish to access, and once we have access to the database, we would want to see whether we can access the tables. For this, we use the –tables query. In this case database name is acuart.

So the command would be

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1  -D acuart — tables

We get the following output showing us that there are 8 tables available in databases “acuart”.

Step 3:

 Listing information about the columns of a particular table

For viewing the columns of a particular table, we can use the following command, in which we use -T to specify the table name, and –columns to query the column names. We will try to access the table ‘users’.

So the command should be

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1  -D acuart -T users –columns

We get the following output showing us that there are 8 columns available in table “users”.

Step 4:

Dump the data from the columns

we can dump the data for the columns one by one column or whole the columns present in “users” table

For one by one columns command should be

 sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1  -D acuart -T users -C uname --dump

Command for whole the data present in table “users”

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1  -D acuart -T users -C uname --dump

We got the following output.

How to Prevent SQL Injection?

Use mysql_real_escape_string in your php code.

Example:

<?php
$badword = “‘ OR 1 ‘”;
$badword = mysql_real_escape_string($badword);
$message = “SELECT * from database WHERE password = “‘$badword'”;
echo “Blocked ” . $message . “;
?>

To protect your website,check Web Security Common attacks

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Kaushal Jangid

Exploiting Authentication Issues of Web Application

Following tutorial related to Exploiting Authentication Issues of a Web application. You...
Read More

Leave a Reply