Testing for SQL Query Injection

SQL injection attacks consist of inserting, or "injecting", SQL fragments through client input into a query the application sends to its database. A successful attack of this type can read sensitive data from the database and modify or delete it; in the most extreme cases, depending on the DBMS and the privileges of the database account the application uses, it lets the attacker execute operating system commands.


The following query is vulnerable to SQL injection when the value of userName is concatenated into it straight from user input:

SELECT * FROM users WHERE name = userName;

The variable userName is taken from the user. If an attacker enters ' OR '1'='1 as the username, the resulting query reads SELECT * FROM users WHERE name = '' OR '1'='1', and because the expression '1'='1' is always true the WHERE clause matches every row: the query returns all users instead of the single account the application meant to look up.


You can use a tool called sqlmap to test for SQL injection vulnerabilities; it automatically finds injectable parameters and exploits them. It supports six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band (OOB). It can attack MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB, and Informix databases.


The figure below shows an example of running sqlmap: its heuristic tests flagged the id parameter of the tested request as possibly vulnerable to SQL injection.

[Figure: example of using sqlmap]
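To make both points above concrete (the concatenated query from the users example, and the kind of true/false heuristic that sqlmap runs against a parameter), here is an added Python example that is not part of the original article or of sqlmap. It uses a constructed in-memory SQLite database with three hypothetical users, a lookup written the vulnerable way beside its parameterised fix, and a small boolean-based blind probe that appends an always-true and an always-false condition and checks whether the "page" follows them. The function names and sample data are assumptions made for the example.

```python
import sqlite3

# Constructed sample data (hypothetical, not from the article): three users
# in an in-memory SQLite database standing in for the application's DB.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, user_name):
    """The article's pattern: the user-supplied name is pasted straight
    into the SQL text, so quotes in the input change the query's structure."""
    query = f"SELECT id, name, role FROM users WHERE name = '{user_name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, user_name):
    """Hardened form: a parameterised query. The driver passes the value
    separately from the SQL text, so it is only ever treated as data."""
    query = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(query, (user_name,)).fetchall()


def render_page(rows):
    """Stand-in for the HTTP response a web application would return."""
    if not rows:
        return "No such user"
    return "\n".join(f"{name} ({role})" for _, name, role in rows)


def boolean_blind_probe(lookup, base_value):
    """Boolean-based blind check in the spirit of sqlmap's heuristic tests.

    `lookup` maps an input value to the page text. We send the original
    value, the value with an always-true condition appended, and the value
    with an always-false condition appended. If the page tracks the truth
    of the injected condition, the parameter is very likely injectable.
    Caveat: base_value must be one the application knows (here an existing
    user); otherwise all three responses are identical and nothing is learned.
    """
    original = lookup(base_value)
    true_case = lookup(base_value + "' AND '1'='1")
    false_case = lookup(base_value + "' AND '1'='2")
    return original == true_case and original != false_case


def probe_both():
    """Run the probe against the vulnerable and the hardened lookup.
    Returns (vulnerable_flagged, safe_flagged)."""
    conn = make_db()
    vuln = boolean_blind_probe(lambda v: render_page(find_user_vulnerable(conn, v)), "alice")
    safe = boolean_blind_probe(lambda v: render_page(find_user_safe(conn, v)), "alice")
    return vuln, safe


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(conn, payload))  # every user row
    print("safe:      ", find_user_safe(conn, payload))        # []
    print("probe (vulnerable, safe):", probe_both())           # (True, False)
```

The probe flags the concatenated lookup and stays silent on the parameterised one, because with a bound parameter the appended condition is just part of a username that does not exist. Real scanners add time-based, error-based and UNION probes on top of this, and vary quoting and comment styles, but the comparison of a true and a false variant against the original response is the core of the boolean-based technique.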
