Check the vulnerability to SQL injection attacks via sqlmap

Article written by Mark Frison
Page 1 of 4

Among the most serious and widespread application vulnerabilities, SQL injection deserves particular attention. Although the theory and the specific recommendations have changed over the last ten to fifteen years, this class of vulnerability remains a major nightmare for programmers and maintainers of Web applications and, at the same time, one of the most attractive targets for internal and external attackers; its importance is confirmed by its permanent presence in the various Top Ten lists of vulnerabilities published by OWASP (Open Web Application Security Project).

In this article we present sqlmap, a powerful open-source tool that automates the discovery and exploitation of SQL injection, adapting itself to the DBMS used as the back end of the target application.

Prerequisites

This article is intended for readers who already have basic knowledge of SQL injection: the text will not cover the causes of the vulnerability and/or the countermeasures to prevent it, nor will it introduce the SQL language, a basic knowledge of which is considered a necessary prerequisite for following the article.

sqlmap

sqlmap is an open-source tool that automates the discovery and exploitation of vulnerabilities classified as "SQL injection". Developed entirely in Python, sqlmap is available for all major operating systems. sqlmap is a comprehensive tool for SQL injection analysis because it:

  • is able to detect the type of the target DBMS (DBMS fingerprinting), adapting its behaviour accordingly;
  • implements several strategies, often complex to carry out by hand, to bring any vulnerabilities to light;
  • once a vulnerability has been identified, allows rapid exploitation of the DBMS and, if the boundary conditions permit, of the host system.

Get sqlmap

Given its enormous popularity, obtaining sqlmap is extremely simple: usually you download it directly from the site hosted on SourceForge, where an archive (platform independent) or a binary package for most GNU/Linux distributions or for Windows is available.

Those who want to use and test the latest development version can check out the Subversion repository with the command:

    svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

Please note that, since the code is under active development, the Subversion repository often contains versions of sqlmap with bugs that can seriously affect the operation of the software.

Research strategies

sqlmap implements three strategies to verify the existence of a SQL injection vulnerability:

  • UNION ALL: the foremost technique for exploiting a SQL injection is to use UNION ALL to append the results of a second query to the legitimate result set. sqlmap injects into the vulnerable application parameter a query string containing UNION ALL SELECT 'a', null ..., and then checks the output to identify whether the execution was successful;
  • Stacked queries: this means submitting multiple queries stacked one after another in a single call. Contrary to what many claim, it is not the DBMS alone that determines whether this technique can be used but the DBMS / Web framework pair: the best-known example is MS SQL Server with ASP / ASP.NET and PHP, but the feature is also available on PostgreSQL with ASP / ASP.NET / PHP and on MySQL with ASP.NET. If stacked queries are enabled and the application is vulnerable, arbitrary SQL code can be inserted simply by terminating the current query and appending a new one (e.g. '; SELECT ..., --);
  • Inferential blind SQL injection: not all SQL injections are easily recognizable. The most obvious ones display error information on the web page, which allows easy identification and exploitation; in better-configured environments, the output shows no difference when the query contains syntax errors. The latter are much harder to identify and exploit because the attacker must necessarily proceed "blindly", but there are tests based on Boolean logic and response times that allow the presence of a SQL injection to be determined with a high degree of confidence. sqlmap implements several checks of this kind, intended to cover most cases.
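As an added example (not code from the article or from the sqlmap project), the following Python snippet shows the defender's side of the three strategies above: it reads constructed web-server log lines and labels each request by which technique a probe resembles (UNION-based, stacked queries, or boolean/time-based blind). The log format and the patterns are assumptions for illustration, not sqlmap's own detection logic.

```python
"""Classify SQL-injection probes in access-log lines by technique.
Added example; the log lines below are constructed, not real traffic."""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus

# One pattern per strategy described in the article. Order matters:
# stacked queries are tested first so that "'; SELECT ..." is not
# reported as a UNION or time-based probe.
PATTERNS = [
    ("stacked", re.compile(r";\s*(select|insert|update|delete|drop|waitfor)\b", re.I)),
    ("union", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("blind-time", re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.I)),
    ("blind-boolean", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+\b", re.I)),
]

# Request line of an Apache/nginx combined-format entry (assumed format).
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/\d\.\d"\s+(?P<status>\d{3})')

# Constructed sample: one benign request followed by one probe per strategy.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=3 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=3%27%20UNION%20ALL%20SELECT%20%27a%27,NULL-- HTTP/1.1" 200 840',
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=3%27;%20SELECT%20pg_sleep(5)-- HTTP/1.1" 500 231',
    '10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /item.php?id=3%27%20AND%201=1-- HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /item.php?id=3%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 512',
]


def classify(target: str) -> Optional[str]:
    """Return the technique label for a request target, or None if benign.
    URL-decoding first matters: probes arrive percent-encoded in logs."""
    decoded = unquote_plus(target)
    for label, pattern in PATTERNS:
        if pattern.search(decoded):
            return label
    return None


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (target, technique, status) for every request that looks like a probe."""
    hits = []
    for line in lines:
        match = LOG_LINE.search(line)
        if not match:
            continue  # not a request line we understand; skip it
        label = classify(match.group("target"))
        if label:
            hits.append((match.group("target"), label, match.group("status")))
    return hits


if __name__ == "__main__":
    for target, label, status in scan_log(SAMPLE_LOG):
        print(f"{label:14s} status={status} {unquote_plus(target)}")
```

A 500 status next to a stacked-query or UNION probe, as in the constructed sample, is the "obvious" error-disclosing case the article mentions; the boolean and time-based lines return the same status and size as the benign request, which is why they must be matched on content.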
