An SQL injection attack becomes possible when input data used in SQL queries is processed incorrectly.
Developers of applications that work with databases should be aware of such vulnerabilities and take measures to counter SQL injection.
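As an added illustration of the point above (example code, not from the original page): the same lookup written with the URL parameter spliced into the SQL text and with a bound parameter, run against a constructed in-memory SQLite table so the difference in behaviour is visible.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the application's real
    # database (sample data, not taken from the original page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, file TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO pages (file, body) VALUES (?, ?)",
        [("about.html", "public about page"),
         ("contact.html", "public contact page"),
         ("admin.html", "restricted admin page")],
    )
    return conn


def lookup_vulnerable(conn, file_param):
    # Vulnerable: the untrusted 'file' value becomes part of the SQL text,
    # so a quote in the input changes the structure of the query.
    sql = "SELECT body FROM pages WHERE file = '" + file_param + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, file_param):
    # Hardened: the value is bound as a parameter and travels separately
    # from the SQL text, so quotes in the input are only data.
    sql = "SELECT body FROM pages WHERE file = ?"
    return [row[0] for row in conn.execute(sql, (file_param,))]


def demo():
    conn = make_db()
    normal = "about.html"
    # Constructed hostile value: closes the string literal and appends a tautology.
    hostile = "about.html' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # every row leaks
        "safe_normal": lookup_safe(conn, normal),
        "safe_hostile": lookup_safe(conn, hostile),         # no such file: empty
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```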
How to find a vulnerability?
Google Dorks, or Google Dork Queries (GDQ), are search queries that identify serious security holes: everything that is not properly hidden from search engine crawlers.
Let’s say we know that if a site’s URL contains “page.php?file=”, there is some probability that the link is vulnerable to an SQL injection attack. An attacker can gain unauthorized access to the database by manipulating the parameters in the URL.
It is possible to modify a couple of dozen parameters by hand, but this is tedious and likely to fail. This is where various scripts come in, which search for such “anomalies” automatically.
V3n0M is a free, open source scanner designed to detect various vulnerabilities.
To begin with, we install all the necessary libraries for the utility:
apt-get install python3-bs4
apt-get install python3-setuptools
apt-get install python3-dev
apt-get install python-dev
We clone the tool repository from GitHub:
git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner.git
Go to the utility folder:
And we run the installation script with a command:
python3 setup.py install --user
After installation, we launch the utility:
Now select item 1 to use the vulnerability scanner.
Enter the target URL for the scan, for example CouncilMP.ru.
Then select the number of dorks. The tool’s database contains over 14 thousand dorks; if you enter zero, the tool uses all of them.
After that, select the number of scan threads (from 50 to 500) and the number of search engine result pages the script will analyse. The higher the number, the better the result, but the longer the scan takes.
The automatic scanning process has started.
After scanning completes, the utility offers to sort the results. For example, the tool found 279 links, and after removing duplicates and other junk only 102 remained.
But we don’t know yet whether these links are vulnerable to SQL injection. To check, we choose the first item, SQLi Testing.
The script automatically checks all found links for SQL injection and shows the result as a list of vulnerable URLs.
How to exploit the SQL code vulnerability?
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities and taking over database servers.
Installation and exploitation.
We clone the repository from GitHub:
git clone https://github.com/sqlmapproject/sqlmap.git
Go to the folder:
And we launch the utility:
python2 sqlmap.py -u <vulnerable url address>
To get help on the tool, enter the command:
python sqlmap.py -h