SQL injection is a set of SQL commands placed in a URL string or in data structures in order to retrieve a response that we want from the databases connected to a web application. This type of attack is most often seen on web pages developed using PHP or ASP.NET.
An SQL injection attack can be carried out with the following intentions:
- To dump the whole database of a system,
- To modify the content of the databases, or
- To perform queries that the application does not allow.
This type of attack works when the application does not validate its inputs properly before passing them to an SQL statement. Injections are normally placed in address bars, search fields, or data fields.
The easiest way to detect whether a web application is vulnerable to an SQL injection attack is to put a single-quote character (') into an input string and see whether you get an error.
Example 1
Let's try to understand this concept using a few examples. As shown in the following screenshot, we have entered a single-quote character (') in the Name field. Now, click the Login button. It produces the error response shown in the screenshot, which means that the "Name" field is vulnerable to SQL injection.
Example 2
We have this URL: http://10.10.10.101/mutillidae/index.php?page=site-footer-xssdiscussion.php
We want to test the variable "page", so observe how we have injected a single-quote character (') into the URL string.
When we press Enter, the page returns the result shown in the following screenshot, which contains errors.
SQLMAP
SQLMAP is one of the best tools available for detecting SQL injections. It can be downloaded from http://sqlmap.org/
It comes pre-installed in the Kali distribution. You can locate it under Applications → Database Assessment → Sqlmap.
After opening SQLMAP, we go to the page that has the SQL injection and capture the request header. Using the values from that header, we run the following sqlmap command:
./sqlmap.py --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0" --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' --level=5 --risk=3 -p id --suffix="-BR" -v3
SQLMAP will test all the variables, and the result will show that the parameter "id" is vulnerable, as shown in the following screenshot.
SQLNinja
SQLNinja is another SQL injection tool that is available in Kali distribution.
JSQL Injection
JSQL Injection is written in Java and automates SQL injection testing.
Quick Tips
To protect your web application from SQL injection attacks, keep the following points in mind:
- Unchecked user input should not be allowed to pass through the application GUI to the database.
- Every variable that enters the application should be sanitized and validated.
- Any user input that reaches the database should be properly quoted rather than inserted raw into the statement.
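The single-quote probe from the examples above and the mitigation from the Quick Tips, as an added example that is not part of the original tutorial: a constructed in-memory SQLite database with a login query built by string concatenation (the kind of code behind the vulnerable Name field) beside the same query written with bound parameters. The table, rows and function names are assumptions for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample database (not from the original page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # Builds the statement by string concatenation, so the input
    # becomes part of the SQL syntax instead of staying data.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    try:
        return "ok" if conn.execute(sql).fetchone() else "denied"
    except sqlite3.Error as exc:
        # The syntax error caused by a stray ' is exactly the signal the
        # tutorial uses to recognise an injectable field.
        return "error: %s" % exc


def login_safe(conn, name, password):
    # Parameterized query: the driver sends the values separately from
    # the statement, so a quote in the input can never alter the query.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return "ok" if conn.execute(sql, (name, password)).fetchone() else "denied"


def quote_probe_errors(login, conn):
    # Defender-side check: does a lone ' in the Name field surface a
    # database error? If so, the field is building SQL from raw input.
    return login(conn, "'", "x").startswith("error")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "'", "x"))   # error: ...
    print("safe:      ", login_safe(db, "'", "x"))         # denied
```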