V3n0M and SQL injections

V3n0M and SQL injections

SQL injection is one of the common ways to hack into database sites and programs based on embedding arbitrary SQL code in a query.SQL injection, depending on the type of DBMS used and implementation conditions, can allow an attacker to execute an arbitrary database query (for example, read the contents of any table, delete, modify, or add data), get the ability to read, write local files and execute arbitrary commands on the attacked server.

The SQL injection type attack may be possible due to incorrect processing of input data used in SQL queries.



The developer of application programs working with databases should be aware of such vulnerabilities and take measures to counteract SQL injection.

How to find a vulnerability?
Google Dork or Google Dork Queries (GDQ) is a set of queries to identify the gravest security holes. Everything that is not properly hidden from search robots.

Let’s say we know that if the URL of the site contains “page.php?file=”, there is some probability that the link is vulnerable and subject to SQL Injection attack. An attacker can gain unauthorized access to the database by manipulating parameters in the URL text.

It is still possible to change a couple of dozen parameters manually, but this is likely to fail. Various scripts come in, which allow you to search for “anomalies” in the automatic mode.



V3n0M is a free open source scanner designed to detect various vulnerabilities.

V3noM installation.

To begin with, we install all the necessary libraries for the utility:

apt-get install python3-bs4 

apt-get install python3-setuptools

apt-get install python3-dev 

apt-get install python-dev

We clone the tool repository from GitHub:

git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner.git.

Go to the utility folder:

cd V3n0M-Scanner

And we run the installation script with a command:

python3 setup.py install --user

Use

After installation, we launch the utility:

python3 v3n0m.py

 

Now select 1 item to use the vulnerability scanner.

Enter target URL for the scan. For example, CouncilMP.ru

Then select number of dorky. The tool database contains over 14 thousand dorks. If you enter zero, the tool will use all the dorks contained in the database.

After that, select the number of scan streams (from 50 to 500) and select the number of pages in the search engine, the output of which will be analyzed by the script. The higher the number, the better the result, but the longer the time spent on scanning.

The automatic scanning process has started.

After the whole scanning process, the utility offers us to sort all the found results. For example, the tool found 279 references, and after cleaning duplicates and other trash only 102 remained.

But we don’t know yet whether these links are vulnerable in an SQL attack. To check it, we choose the first point – SQLi Testing.

The script will automatically check all found links to SQL Injection and show the result as a list of vulnerable URLs.

How to exploit the SQL code vulnerability?

SQLMap is an open source penetration testing tool that automates the process of identifying and exploiting SQL injection vulnerability and database server capture.

Installation and exploitation.

We clone the repository from GitHub:

git clone https://github.com/sqlmapproject/sqlmap.git.

Go to the folder:

cd sqlmap

And we launch the utility:

python2 sqlmap.py -u <vulnerable url address>

To get help on the tool, enter the command:

python sqlmap.py -h


WARNING! All links in the articles may lead to malicious sites or contain viruses. Follow them at your own risk. Those who purposely visit the article know what they are doing. Do not click on everything thoughtlessly.


4 Views

0 0 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments


Do NOT follow this link or you will be banned from the site!
0
Would love your thoughts, please comment.x
()
x

Spelling error report

The following text will be sent to our editors: