Vulnerability Detection For SQL Injection Attacks An Experimental Survey

This document summarizes an experimental survey on detecting vulnerabilities for SQL injection attacks using different tools. It describes various types of SQL injection attacks like tautologies, union queries, piggybacked queries, and boolean-based SQL injection. It then discusses four tools - Sqlmap, Netsparker, Webcruiser, and Havij - that can detect different types of SQL injection vulnerabilities. It compares the performance of these tools on 38 websites from different domains and found that all tools were able to detect vulnerabilities, but they detected different types of vulnerabilities.
International Journal of Engineering Research & Technology (IJERT)

ISSN: 2278-0181
Vol. 2 Issue 6, June - 2013

Vulnerability Detection for SQL Injection Attacks: An Experimental Survey

Premveer, Ankur Srivastava, Anurag Jain

Department of IT, USICT, GGSIPU

Abstract

SQL injection attacks are a type of attack in which malicious data is appended to user data to access, delete or modify user data. SQL injection attacks are possible because of a lack of input validation at the server side. SQL injection attacks are not detectable by a firewall or intrusion detection system (IDS), because they are performed through ports which are open in the firewall, and an IDS works on the network and IP layers while SQL injection attacks work on the application layer. This paper focuses on detecting vulnerabilities for SQL injection attacks on different types of domains, for which different tools that are available in the market have been selected.

Keyword

SQL Injection Attacks, Detection, Evaluation

1. Introduction

SQL injection attacks are the most effective method for stealing data from the backend [1]. In this type of attack the hacker attacks the data by appending SQL keywords to the user-inserted query, without the user coming to know that the query has been modified.

2. Types of SQL injection attacks

There are several types of attacks. Some of them are discussed in this paper.

2.1 Tautologies

In this type of attack malicious code is inserted in such a way that the query statement is always evaluated to be true.

    Select * from stud where id='111' and pwd='abc' or '1'='1'

In the above query, by using '1'='1' the result will always be true whether pwd is correct or not.

2.2 Union Query

In this type of attack an unauthorised query is attached to the authorised one by using the UNION clause.

    Select name, address from user where id=1

When attacked by SQL injection we will have the following query:

    Select name, address from user where id=1 UNION ALL Select phone_number from biodatatable

which will join the result of the original query with biodatatable.

2.3 Piggy-backed query

In this type of attack, the attacker exploits the database by using a query delimiter like ";" to append an unauthorised query to the original query.

    Select name from stud where id=1;drop table stud

Because ";" is appended in the query, drop table will be executed after the authorised query and it will delete the table stud.

2.4 Boolean SQL injection

Boolean SQL injection means that no error messages are sent in the response, but there is a difference between the response sent for a valid query and the response sent for an invalid query.

Examples:

    www.example.org/display.php?item=1

will send the info for item 1.

    www.example.org/display.php?item=1'

will trigger an error, but suppresses it so no information is shown. But it is still possible to send SQL requests to the database and determine what is true and what is false.

2.5 Cross-site Scripting

XSS (Cross-site Scripting) allows an attacker to execute a dynamic script such as JavaScript, VBScript etc. [2]. This allows several different attack opportunities for attackers, mostly hijacking the current session of the user.

2.6 URL-Based

URL-based SQL injection is an attack that can be executed directly from the browser's address bar [3], in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

3. SQL Injection Detection tools

The tools which are used in this research paper are available in the market, but for this research paper one-month trial versions of the tools have been used.

3.1 Sqlmap [3]

sqlmap is an open source testing tool which is used for detection and exploitation of SQL injection flaws and taking over of database servers. It has an advanced detection engine and is suitable for the ultimate penetration testing.

3.2 Netsparker [4]

Netsparker is a web application security scanner. It discovers the flaws that could leave the user dangerously exposed. Netsparker is a powerful web application security scanner, which can crawl, attack and identify vulnerabilities in all types of web application, whatever platform and technology it's built on. Netsparker can help the user identify web application vulnerabilities such as Cross-site Scripting (XSS), and many more, with an easy-to-use and intuitive user interface. Netsparker helps web application developers or penetration testers to secure web applications easily and with the minimum of fuss.

3.3 Webcruiser [5]

WebCruiser is a web vulnerability scanner, an effective and powerful web penetration testing tool that helps in auditing a website. It has a vulnerability scanner and a series of security tools. It can scan a website for web vulnerabilities such as cross-site scripting, URL SQL injection etc.

3.4 Havij [6]

Havij is an automated SQL injection tool that helps penetration testers to find and exploit SQL injection vulnerabilities on a web page.

4. Comparison of tools with respect to vulnerabilities when run on different types of domains

In this research paper, 38 websites, which belong to different domain types (like product based, portal etc.), have been checked for vulnerability using the above-mentioned tools. The result is shown in the table given below:

Table-1 Comparison of tools with respect to vulnerabilities

The Netsparker, Sqlmap, Webcruiser and Havij columns give the tools and the type of attacks detected by each tool.

| Sno | Website type | Website domain | Netsparker | Sqlmap | Webcruiser | Havij |
|---|---|---|---|---|---|---|
| 1. | Product based | Quiltchalet.com | Cross-site scripting, Boolean based sql injection | Boolean based blind | Cross-site scripting | Not able to find attack |
| 2. | Product based | Sigmaspa.com | Cross-site scripting | Not able to find error | Cross-site scripting | Not able to find attack |
| 3. | Product based | Kbnusa.com | Cross-site scripting, boolean based sql injection | Not able to find error | Cross-site scripting | Not able to find attack |
| 4. | Domain and host based | Emergingdesignnetworks.com | Cross-site scripting | Boolean based and Union injectable | Cross-site scripting | Not able to find attack |
| 5. | Portal | Userngatheartminisries.com | Cross-site scripting | Boolean based, union injectable | Cross-site scripting | Not able to find error |
| 6. | Product based | Saleemcarpets.com | Not able to find attack | Union injectable | Cross-site scripting | Not able to find attack |
| 7. | Product based | Webakku.hu | Cross-site scripting | Not able to find any attack | Cookie sql injection | Not able to find attack |
| 8. | Product based | Micatrone.se | Not able to find any attack | Not able to find any attack | Cross-site scripting | Not able to find attack |
| 9. | Portal | Rubenracing.com | Not able to find attack | Not able to find any attack | Not able to find attack | Not able to find attack |
| 10. | Product based | Witec.de | Not able to find attack | Not able to find attack | Cross-site scripting | Not able to find attack |
| 11. | Publishing | Lcoastpress.com | Cross-site scripting | Not able to find attack | Cross-site scripting | Not able to find attack |
| 12. | Publishing | Travellers-tales.co.uk | Cross-site scripting | Boolean based | Cross-site scripting | Not able to find attack |
| 13. | Product and services | Arrowvalves.co.uk | Not able to find attack | Not able to find attack | Not able to find attack | Not able to find attack |
| 14. | Product based | Reaplasrack.co.uk | Cross-site scripting | Union query injectable | Url sql injection | Not able to find attack |
| 15. | Education | Woodlandsschool.org | Cross-site scripting, Blind sql injection | Not able to find attack | Not able to find attack | Not able to find attack |
| 16. | Construction | Qwc.org.uk | Not able to find attack | Not able to find attack | Not able to find attack | Not able to find attack |
| 17. | Business solution | Vx10.co.uk | Cross-site scripting | Not able to find attack | Cross-site scripting | Not able to find attack |
| 18. | Publishing | Readingmatters.co.uk | Cross-site scripting, Boolean sql injection | Not able to find attack | Not able to find attack | Not able to find attack |
| 19. | Automobile | Topgears-cars.co.uk | Not able to find attack | Not able to find attack | Not able to find attack | Not able to find attack |
| 20. | Social site | Thehopeforamerica.com | Not able to find attack | Boolean based | Cross-site scripting, url sql injection | Not able to find attack |
| 21. | Business solution | Woodfines.co.uk | Cross-site scripting and Boolean sql injection | Boolean based injection | Not able to find attack | Not able to find attack |
| 22. | Food services | Areuserreadytoorder.co.uk | Cross-site scripting | Union injectable | Cross-site scripting | Not able to find attack |
| 23. | portal | Robertsmith.co.uk | Not able to find attack | Not able to find attack | Not able to find attack | Not able to find attack |
| 24. | publishing | Athenapress.com | Cross-site scripting, Boolean based sql injection | Not able to find attack | Cross-site scripting | Not able to find attack |
| 25. | portal | Abslation.co.uk | Not able to find attack | Not able to find attack | Not able to find attack | Not able to find attack |
| 26. | portal | Standardbred.org | Cross-site scripting, Boolean based sql injection | Not able to find attack | Cross-site scripting | Not able to find attack |
| 27. | Manufacturing | Tek-tite.com | Cross-site scripting | Boolean based | Not able to find attack | Not able to find attack |
| 28. | Travelling | Thedockyard.co.uk | Cross-site scripting | Appear not to be injectable | Not able to find any attack | Not able to find any attack |
| 29. | Portal | Blackhistorycanada.ca | Cross-site scripting | Not able to find attack | Not able to find attack | Not able to find attack |
| 30. | Social site | Twitney.co.uk | Cross-site scripting, Boolean based sql injection | Boolean based blind | Not able to find attack | Not able to find attack |
| 31. | Community | Minesandcommunites.org | Cross-site scripting, Boolean based sql injection | Boolean based | Not able to find attack | Not able to find attack |
| 32. | Retail | Coastal-koi.com | Cross-site scripting | Boolean based blind | Not able to find attack | Not able to find attack |
| 33. | Social site | Musicinthearound.co.uk | Cross-site scripting | Not able to find attack | Cookie sql injection | Not able to find attack |
| 34. | Gov. | Nahipa.org | Cross-site scripting | Not able to find attack | Cross-site scripting | Not able to find attack |
| 35. | Social networking | Facebook.com | Cross-site scripting | Not able to find attack | Cookie sql injection | Not able to find attack |
| 36. | Social networking | Twitter.com | Not able to find attack | Not able to find attack | Cookie sql injection | Not able to find attack |
| 37. | E-commerce | Ibibo.com | Not able to find attack | Not able to find attack | Cross-site scripting | Not able to find attack |
| 38. | E-commerce | Flipkart.com | Not able to find attack | Not able to find attack | Not able to find attack | Not able to find attack |


5. Evaluation of tools

In the above table 38 websites have been checked for vulnerabilities. Out of these 38 websites, 9 are product based websites, 5 are social sites, 6 are portals, 4 are publishing websites, 2 belong to e-commerce and the remaining 12 are kept in the category of others.

Table-2 Evaluation of tools

Domains checked for vulnerabilities (no. of websites in each category)

| Tools | Product based | Social sites | Portals | Publishing | E-commerce | Others |
|---|---|---|---|---|---|---|
| Netsparker | 9 websites have been checked for vulnerabilities. In all, able to detect cross-site scripting | 5 websites have been checked for vulnerabilities. In 3 websites, able to detect cross-site scripting. And in remaining 2 not able to detect any error | 6 websites have been checked for vulnerabilities. In 3 websites able to detect cross-site scripting and in remaining not able to detect any error | 4 websites have been checked for vulnerabilities. In all able to detect cross-site scripting | 2 websites have been checked for vulnerabilities. In both not able to detect any error | 12 websites have been checked for vulnerabilities. In 9 websites able to detect cross-site scripting and in remaining not able to detect any error |
| Webcruiser | 9 websites have been checked for vulnerabilities. In 6 websites able to detect cross-site scripting, in one website able to detect url sql injection and in remaining not able to detect any error | 5 websites have been checked for vulnerabilities. Only in one website able to detect cross-site scripting and in remaining not able to detect any error | 6 websites have been checked for vulnerabilities. In 2 websites able to detect cross-site scripting and in remaining not able to detect any error | 4 websites have been checked for vulnerabilities. In 3 websites able to detect cross-site scripting and in remaining able to detect url sql injection | 2 websites have been checked for vulnerabilities. In one website able to detect cross-site scripting and in remaining not able to detect any error | 12 websites have been checked for vulnerabilities. In 4 websites able to detect cross-site scripting and in remaining not able to detect any error |
| Sqlmap | 9 websites have been checked for vulnerabilities. In one website, able to detect Boolean sql injection, in 2 websites able to detect union and in remaining 7 not able to detect any error | 5 websites have been checked for vulnerabilities. In one, able to detect Boolean based and in remaining not able to detect any error | 6 websites have been checked for vulnerabilities. In one website, able to detect both Boolean and union and in remaining not able to detect any error | 4 websites have been checked for vulnerabilities. In one website, able to detect Boolean based and in remaining not able to detect any error | 2 websites have been checked for vulnerabilities. In both not able to detect any error | 12 websites have been checked for vulnerabilities. In 5 websites able to detect Boolean, in 2 websites able to detect union sql and in remaining not able to detect any error |
| Havij | 9 websites have been checked for vulnerabilities. In all not able to find any error | 5 websites have been checked for vulnerabilities. In all not able to find any error | 6 websites have been checked for vulnerabilities. In all not able to find any error | 4 websites have been checked for vulnerabilities. In all not able to find any error | 2 websites have been checked for vulnerabilities. In all not able to find any error | 12 websites have been checked for vulnerabilities. In all not able to find any error |
6. Conclusion

Based on the above result, in which four different SQL injection detection tools are used on different websites belonging to different types (like production based, portal, social site etc.) to detect vulnerability for SQL injection attacks, it is found that Netsparker is able to detect Cross-site scripting and Boolean SQL injection. Sqlmap is able to detect Boolean based and Union query. Webcruiser is able to detect Cross-site scripting and URL SQL injection. And Havij is not able to detect any discussed attack. It is also found that websites which belong to product based are more vulnerable to SQL injection attack. So on the basis of the above result it can be concluded that no tool is able to detect all vulnerabilities for SQL injection attacks.
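The injection types described in section 2 can also be checked from the code side, independently of any scanner. The following is an added example, not code from the paper: it runs inputs shaped like the tautology, union and Boolean examples against a concatenated query and against a parameterized one. The function names, the sample rows and the use of Python's sqlite3 as the database are assumptions; the table names follow the paper's examples.

```python
import sqlite3

def make_db():
    # Constructed sample data; table names follow the paper's examples.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE stud (id INTEGER, name TEXT);
        INSERT INTO stud VALUES (1, 'alice'), (2, 'bob');
        CREATE TABLE biodatatable (phone_number TEXT);
        INSERT INTO biodatatable VALUES ('555-0100');
    """)
    return conn

def lookup_concat(conn, item):
    # Vulnerable: the request value becomes part of the SQL text.
    sql = "SELECT name FROM stud WHERE id=" + item
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn, item):
    # Hardened: the value is bound as data and is never parsed as SQL.
    return [row[0] for row in conn.execute("SELECT name FROM stud WHERE id=?", (item,))]

# Inputs shaped like the examples in sections 2.1, 2.2 and 2.4.
PROBES = {
    "tautology": "1 or 1=1",
    "union": "1 UNION ALL SELECT phone_number FROM biodatatable",
    "boolean_true": "1 and 1=1",
    "boolean_false": "1 and 1=2",
}

def audit(lookup):
    """Return the injection types whose input `lookup` interpreted as SQL."""
    conn = make_db()
    baseline = lookup(conn, "1")
    results = {name: lookup(conn, value) for name, value in PROBES.items()}
    flagged = [n for n in ("tautology", "union") if len(results[n]) > len(baseline)]
    # Boolean based: no error is shown, but a true and a false condition
    # produce different responses (section 2.4).
    if results["boolean_true"] == baseline and results["boolean_false"] != baseline:
        flagged.append("boolean")
    return flagged

if __name__ == "__main__":
    print("concatenated query :", audit(lookup_concat))
    print("parameterized query:", audit(lookup_param))
```

The piggy-backed form from section 2.3 is left out because sqlite3's `execute()` accepts only one statement per call, so it cannot be reproduced with this stand-in database.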

7. References

[1] Puspendra Kumar. "A Survey on SQL Injection Attacks, Detection and Prevention Techniques". ICCCNT 2012.
[2] Atefeh Tajpour and Maslin Masrom. "SQL Injection Detection and Prevention Tools Assessment". IEEE 2010.
[3] Sqlmap.org
[4] www.mavitunasecurity.com/netsparker
[5] sec4app.com
[6] www.itsecteam.com/products/havij-v116-advanced-sql-injection
IJERTV2IS60335 www.ijert.org 1201
