Scribd
Upload
12 views8 pages

A Comprehensive Approach For Testing For SQLI

This document provides a comprehensive guide for testing SQL injection vulnerabilities in web applications, detailing steps such as selecting parameters, performing basic math tests, and using SQL query functions. It emphasizes the importance of understanding application behavior in response to different inputs and suggests using specialized tools like SQLMap for advanced testing. Detecting and addressing SQL injection vulnerabilities is crucial for enhancing web application security.

Uploaded by

tapanem767
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views8 pages

A Comprehensive Approach For Testing For SQLI

This document provides a comprehensive guide for testing SQL injection vulnerabilities in web applications, detailing steps such as selecting parameters, performing basic math tests, and using SQL query functions. It emphasizes the importance of understanding application behavior in response to different inputs and suggests using specialized tools like SQLMap for advanced testing. Detecting and addressing SQL injection vulnerabilities is crucial for enhancing web application security.

Uploaded by

tapanem767
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

A Comprehensive
Approach for Testing for
SQL Injection
Vulnerabilities

GOVERDHAN KUMAR

1
A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

A comprehensive guide for exploring how to test for SQL


injection vulnerabilities in web applications. It covers steps
such as selecting parameters for testing (e.g., URL query,
POST body), performing basic math tests, adding common
symbols, testing for multiple symbols, and injecting SQL
query functions. Additionally, it demonstrates the use of
comments to hide malicious payloads and suggests using
specialized tools like SQLMap for advanced testing.
Detecting and addressing SQL injection vulnerabilities is
crucial for web application security.

Trust me, it really feels good when you see this the below
screenshot on your target application and why not? SQL
injection vulnerabilities generally are a valid P1 issues on
bug bounty programs.

It becomes easy to find SQL Injection if we understand,


How an application behaves in response to different HTTP
requests and inputs. It’s essential to understand how SQL
injection works and how to test for it effectively.

2
A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

SQLInjection using SQLMAP

This guide will take you through the step-by-step process of


testing for SQL injection vulnerabilities.

 Select Parameters for Testing

Before diving into SQL injection testing, identify the


parameters you want to test. These parameters can be found
in various places within a HTTP request that is sent to an
application server:

 URL query

URL query

3
A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

 POST body

POST body

 Headers

Headers

 Cookies

4
A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

Cookies

Choose any parameter, but it’s common to start with integer


parameters. These are often used in queries and can be
more susceptible to SQL injection.

 Perform Basic Math Tests

If the selected parameter is an integer, try performing basic


math operations on it within the input:

Example: user_id=1338-1

If an SQL injection vulnerability exists, you might observe


unexpected results or errors in the response.

 Add Common Symbols

Next, add common SQL injection symbols to the parameter


and monitor the response status. Some symbols to test
include:

 Single quote (')

5
A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

 Double quote (")

 Semicolon (;)

If you receive an error response, this could be a sign of an


SQL injection vulnerability.

 Test for Multiple Symbols

Continue testing by adding more than one symbol to the


parameter to see how the application responds. For SQL,
the escape character for a single quote is another single
quote, and for a double quote, it’s another double quote.

Examples:

 login=admin (status: 200)

 login=admin' (status: 500)

 login=admin'' (status: 200)

 Perform SQL Query Functions

Try injecting SQL query functions into the parameter.


Depending on the type of parameter (integer or text), use
appropriate functions:

Integer Parameter:

 user_id=1337 AND 1=1 (status: 200)

6
A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

 user_id=1337 AND 2=1 (status: 500)

Text Parameter:

 login=admin' AND 'A'='A (status: 200)

 login=admin' AND 'A'='B (status: 500)

JSON Integer Parameter:

 {"user_id":"1337 AND 1=1"} (status: 200)

 Combine SQL Query Functions with Comments

To hide your malicious payload, add comments at the end


of the parameter:

Examples:

 Integer Parameter: user_id=1337 AND 1=1 -- (status:


200)

 Text Parameter: login=admin' AND 'A'='A' -- (status:


200)

 JSON Integer Parameter: {"user_id":"1337 AND 1=1 --

"} (status: 200)

 JSON Text Parameter: {"login":"admin' AND 'A'='A' --

"} (status: 200)

 Use Specialized Tools for Further Testing

7
A Comprehensive Approach for Testing for SQL Injection Vulnerabilities GOVERDHAN KUMAR

Once if the vulnerable parameter is identified, exploitation


could be done with specialized tools like SQLMap or Ghauri.
These tools can automate the testing process and provide
detailed results.

After holding a proper understanding of what input fields


needs to be tested, the process of crawling, collecting
different HTTP requests and testing input fields could be
done in a automated fashion. Several tools
like waybackurl, gau, Burpsuite (All requests from the
History tab), Nuclei, SQLMap or Ghauri.

Follow :
https://www.linkedin.com/in/goverdhankumar
https://github.com/wh04m1i
https://linktr.ee/g0v3rdh4n
https://instagram.com/who4m1i

Source : https://infosecwriteups.com/a-comprehensive-approach-for-testing-
for-sql-injection-vulnerabilities-23c8772ffba9

You might also like