Advanced Hacking Techniques CUCI255

1
CIC

To analyse SQL Injection

1 Kali Linux
2 OWASP Juice Shop or DVWA (Damn Vulnerable Web
Application)
3 SQLMAP: SQL Injection automation tool included in Kali
Linux
4 Browser: Mozilla Firefox or Chromium for web interaction
5 Internet Connection: For accessing web applications if
hosted online

1. Setup Vulnerable Web Application:

• Install and configure OWASP Juice Shop or DVWA on Kali Linux (or use an online sandbox
environment if preferred).
• Ensure the web application is accessible in your browser.
2. Identify Vulnerable Inputs:
• Explore input fields in the application (e.g., login fields, search bars) where SQL queries might be
processed.
3. Perform SQL Injection:
• Use SQLMAP or manually inject SQL code (e.g., ' OR 1=1 --) into these fields to test for
vulnerabilities.
• Observe how the application responds to different SQL injections.
4. Analyze Results:
• Note down the information disclosed by successful injections (e.g., data retrieved from the database).
5. Automate with SQLMAP:
• Run SQLMAP on the URL of the vulnerable web application with options to enumerate the database
structure, extract data, etc.
• For ex: python sqlmap.py -u 'http://mytestsite.com/page.php?id=5'
Safety Precaution
• Use only vulnerable test environments like DVWA or Juice Shop. Do not test SQL
Injection on unauthorized systems.
• Secure your network connection during testing to avoid unauthorized access.
• Backup important data on your testing environment to prevent accidental data loss.
• Be aware of legal implications when working with penetration testing techniques.

Application & Inference

• This experiment helps in understanding how SQL Injection exploits work by
manipulating database queries.
• SQL Injection analysis enhances skills in detecting and mitigating common web
application vulnerabilities.
• The experiment emphasizes the importance of input validation and query
parameterization to prevent SQL Injection.

Raja Prem Sai M

221801390008