What is sql injection ?
SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.
What is SQLMAP ?
SQLmap is an open-source tool used in penetration testing to detect and exploit SQL injection flaws. SQLmap automates the process of detecting and exploiting SQL injection.
Where can you use SQLMAP?
When you notice a web url that is of the structure http://testphp.vulnweb.com/listproducts.php?cat=1, then the website may be vulnerable to this mode of SQL injection, and an attacker may be able to gain access to information in the database. Furthermore, SQLMAP works when it is php based.
A simple way to check whether your website is vulnerable or not, replace the value in the get request parameter with an asterisk (*), if you got sql error, then we can conclusively say that the website is vulnerable.
Installing sqlmap command
sudo apt-get install sqlmap
In this tutorial, we will use vulnerable website that is designed for testing purpose.
Open this link in your browser
http://testphp.vulnweb.com/listproducts.php?cat=1
1. List information of existing database
Open your terminal and type
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
Where, -u for url and –dbs for database list.
Output showing us that there are two available databases, acuart and information_schema. In some case, the application will tell you that it has identified the database and ask whether you want to test other database types. You can go ahead and type ‘Y’.
2. List information about Tables present in a particular Database
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables
Where, -u for url , -D for databse, –tables for tables present in database.
We see that 8 tables have been retrieved. So now we can say that the website is definitely vulnerable.
3. List information about the columns of a particular table
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists --columns
Where, -u for url , -D for databse, -T for table, –columns for column present in table
3 columns found in ‘artists’ table in ‘acuart’ database
4. Dump the data from the columns
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists -C aname --dump
Where, -C for column name and –dump for dump data from the column
You can see that we have accessed the data from the database.
Conclusion
Apply this method in such vulnerable websites, You can literally explore through the databases to extract information.
