What is SQL Injection?
SQL Injection is a code injection technique in which an attacker executes malicious SQL queries that control a web application's database. The attacker can modify, add and delete records in the database.
An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server, etc.
SQL Injection attacks are among the oldest and most dangerous web application vulnerabilities. The OWASP organization (Open Web Application Security Project) lists SQL Injection in the OWASP Top 10 vulnerabilities.
What is Sqlmap?
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Given a vulnerable HTTP request URL, Sqlmap can exploit the remote database and extract database names, tables, columns and all the data in the tables. It can even read and write files on the remote file system under certain conditions.
Where can you use Sqlmap?
Suppose you observe a web URL of the following form:
http://testphp.vulnweb.com/listproducts.php?cat=1
Here cat=1 is the GET parameter. A URL of this form may be vulnerable to this mode of SQL Injection, and an attacker may be able to gain access to the information in the database.
A simple test to check whether your website is vulnerable is to replace the value in the GET request parameter with an asterisk (*).
For example: http://testphp.vulnweb.com/listproducts.php?cat=*
If the page returns an SQL syntax error, then we can say that the website is vulnerable to SQL Injection.
In this article, I am using this website, which is designed with vulnerabilities for demonstration purposes.
http://testphp.vulnweb.com/listproducts.php?cat=1
We can hack into the database by a manual process, but in this article I am going to use the Sqlmap automated tool for SQL Injection. We will see the manual way of doing SQL Injection in another article.
So, let's get into it.
I am using Sqlmap in the terminal of the Kali Linux operating system, which is installed in Oracle VirtualBox.
You can also check the Sqlmap help by typing the command below in the terminal.
sqlmap -h
This command will show you how to use Sqlmap in the terminal.
Step 1 : List Information about the existing databases
First, we have to enter the vulnerable URL with the -u parameter. We want to check whether it is possible to gain access to a database, so we will use the --dbs option.
--dbs lists all the available databases.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs
If it asks whether to keep testing the others, type "Y" and hit Enter. It will then show you all the available databases.
Step 2 : List Information about Tables present in the particular database
Now, to access the database, we have to modify our command. We use -D to specify the name of the database that we want to access, and --tables to fetch the table information from that database. Let's access the "acuart" database and check the tables inside it.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables
Type this command and hit Enter, and you will see the list of tables present in the acuart database.
Step 3 : List Information about the columns of a particular table
If we want to view the columns of a particular table, we can use the following command, in which -T specifies the table name and --columns queries the columns inside that table.
We are more interested in the users table because it can contain information about usernames and passwords.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --columns
This command will display all the columns, that is, the fields, present in the users table.
Step 4 : Dump the data from the columns
Similarly, we can access the information in specific columns by using the following command, where -C specifies one or more columns separated by commas, just as I have done, and --dump retrieves the data from those columns.
I want to retrieve the data of multiple columns: uname, pass and email. So I specified -C uname,pass,email.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C uname,pass,email --dump
This command will dump the data from the specified columns, table and database, and print it to the terminal.
As you can see, we have successfully dumped data such as the username and password from the database.
You can access any database, any table and any column. Just explore.
Happy Learning