Understanding SQL Injection in Penetration Testing
SQL Injection is one of the most common and dangerous vulnerabilities in web applications. It occurs when attackers can inject malicious SQL queries into input fields, allowing them to interact directly with the database. This can lead to unauthorized access, data leakage, or even complete control over the database.
In penetration testing, SQL Injection can be exploited in two primary ways: manually and using automated tools like SQLMap.
Manual SQL Injection Method
The manual method involves systematically testing potential vulnerabilities by manually inserting SQL queries into input fields such as login forms, search boxes, or URL parameters. It requires more effort and a deeper understanding of SQL, but can be highly effective in finding vulnerabilities that automated tools might miss.
Here’s how you can manually test for SQL injection vulnerabilities:
- Identifying the Injection Point:
  - Start by identifying pages or forms where user input is accepted, such as login pages or search bars.
  - Inject simple test strings like `' OR 1=1 --` or `' OR 'a' = 'a' --` into the input fields to observe how the web application behaves.
- Using Injection Scripts:
  - In Kali Linux, there is a collection of commonly used SQL injection payloads stored in the `sql.txt` file found in the injections directory, `/usr/share/webshells/sql/`.
  - You can test each payload manually by copying and pasting them into the form fields to see how the server responds. This step-by-step method requires patience, but it gives you more control over the testing process.
Example:
```sql
' OR 1=1 --
```
If this login query bypasses authentication, it means the website is vulnerable to SQL Injection.
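To make concrete why that string bypasses a login that builds its query by string concatenation, here is an added example (not code from the original page) using an in-memory SQLite table: the vulnerable lookup beside a parameterized one that treats the same input as plain data. The `users` table, its rows and the plaintext password column are constructed for the demo only.

```python
import sqlite3

# Constructed stand-in for an application's user table (demo data only;
# a real application would store password hashes, not plaintext).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'correct horse')")
    return conn

def build_vulnerable_sql(username: str, password: str) -> str:
    # The classic mistake: user input is pasted straight into the SQL text.
    return ("SELECT id FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # Returns a row (login "succeeds") whenever the assembled WHERE clause is true.
    return conn.execute(build_vulnerable_sql(username, password)).fetchone()

def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    # Bound parameters: the driver sends the input as data, so quotes and
    # comment markers inside it can never change the query structure.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()

PAYLOAD = "' OR 1=1 --"  # the test string from the manual method above

def demo() -> tuple:
    conn = make_db()
    # Concatenation turns the payload into: ... username = '' OR 1=1 --' AND ...
    # The quote closes the literal, OR 1=1 makes the clause always true, and
    # "--" comments out the password check, so the first row comes back.
    bypassed = login_vulnerable(conn, PAYLOAD, "anything") is not None
    # With parameters the same text is just an unknown username: no row.
    blocked = login_parameterized(conn, PAYLOAD, "anything") is None
    # And a genuine credential still works through the safe path.
    legit = login_parameterized(conn, "alice", "correct horse") is not None
    return bypassed, blocked, legit

if __name__ == "__main__":
    print(build_vulnerable_sql(PAYLOAD, "anything"))
    print(demo())  # (True, True, True)
```

The same bypass will show up in the database's query log as a WHERE clause ending in `OR 1=1 --`, which is what a detection rule on query logs or a WAF signature looks for.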
Automated SQL Injection with SQLMap
While manual testing can be thorough, it’s also time-consuming. For efficiency, penetration testers often rely on automated tools such as SQLMap to perform SQL Injection tests.
SQLMap is an open-source tool that automates the process of detecting and exploiting SQL injection flaws. It can perform a wide range of tasks, from fingerprinting the database to extracting data or even gaining full control of the database server.
Steps to Use SQLMap:
- Install SQLMap (SQLMap comes pre-installed with Kali Linux).
- Running a Basic Test:
  - Open the terminal and run a SQLMap command with the vulnerable URL:
    sqlmap -u
  - SQLMap will automatically detect the SQL injection vulnerability and attempt to exploit it.
- Extracting Data:
  - You can use SQLMap to extract database information. For example:
    sqlmap -u "http://targetsite.com/login.php?id=1" --dbs
  - This command will list all the databases present on the server.
Advanced Usage
SQLMap can also dump entire databases, retrieve specific tables, or execute custom SQL queries for deeper analysis.
To perform an advanced SQL injection attack using SQLmap on a login URL like https://issauga.lt/login-1/ (for educational and ethical purposes in authorized environments only), here are the steps:
Step 1: Install SQLmap on Kali Linux
SQLmap is usually pre-installed on Kali Linux. If not, you can install it using:
sudo apt-get install sqlmap
Step 2: Identify Potential Vulnerability (Manual Testing)
Before using SQLmap, check manually whether the login page might be vulnerable to SQL injection. You can test by entering something like
' OR 1=1; --
in the username and password fields, or use the payloads from the sql.txt file in the injections directory. If you notice unusual behavior (like being logged in without valid credentials), this might indicate a vulnerability.
Step 3: Intercept the Request
Use Burp Suite to intercept the login request and identify the parameters being sent to the server. This will allow you to know the exact POST or GET parameters SQLmap needs to target.
Step 4: Use SQLmap
Here’s how to use SQLmap to test for SQL injection vulnerability.
- First, intercept the POST/GET request while trying to log in (via Burp Suite or similar tool), then save the request to a file, e.g., request.txt.
- SQLmap can then be pointed to this request file for automated testing.
Command to use SQLmap with a request file:
sqlmap -r request.txt -p username
This will instruct SQLmap to use the intercepted request and analyze it for SQL injection vulnerabilities.
Alternatively, you can target the URL directly if you already know which parameter is vulnerable:
sqlmap -u "https://issauga.lt/login-1/" --data="username=admin&password=test" --batch --risk=3 --level=5
Step 5: Extract Information
If the page is vulnerable, SQLmap will list the available databases, tables, and columns. You can then extract information:
- To list the databases:
sqlmap -r request.txt -p username --dbs
Step 6: Analyze the Results
SQLmap will provide the output of its findings, such as database names, tables, and columns, and potentially dump data from the target.