SQL injection using SQLMAP


SQL injection

This tool is open source and just requires installation of Python for it to work.

It has complete support for MySQL, Oracle, PostgreSQL and Microsoft SQL. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.

The tool is driven from the command line. Next we will take a look at the commands that are most frequently used to extract data from a web site.

For this guide, I will use BackTrack, which comes with sqlmap already installed. You can find it under:

Applications  >>  Backtrack  >>  Exploitation Tools  >>  Web Exploitation Tools  >>  sqlmap

When running it, you will see something like this:

For this tutorial I have prepared a vulnerable site. The first step is to find a section to inject. I will use the following:

http://127.0.0.1/web/product.php?id=7

To find out whether the site is vulnerable or not, we must generate an error. To do this, I’m going to change the number 7 to a single quote ('). I could have used a negative number or anything else. If the site is vulnerable, it should show some kind of error.
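Why the quote test produces an error, and what removes it, shown as an added example that is not part of the original tutorial. The source of product.php is not shown on this page, so the sqlite3 table and the function names below are assumptions standing in for it.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the site's product table (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [(7, "widget"), (8, "gadget")])
    return db

def lookup_vulnerable(db, raw_id):
    """Concatenates the id parameter into the SQL text, as an injectable page does."""
    sql = "SELECT name FROM product WHERE id = " + raw_id
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # The database tried to parse user input as SQL and failed:
        # this is the error the single-quote test is looking for.
        return ("sql_error", str(exc))

def lookup_hardened(db, raw_id):
    """Validates that the id is an integer, then binds it as a parameter."""
    try:
        product_id = int(raw_id)
    except ValueError:
        return ("rejected", [])  # never reaches the database
    rows = db.execute("SELECT name FROM product WHERE id = ?",
                      (product_id,)).fetchall()
    return ("ok", rows)

def run_quote_test():
    """Sends the tutorial's inputs (7, a single quote, a negative number) to both."""
    db = make_db()
    results = {}
    for raw_id in ("7", "'", "-1"):
        results[raw_id] = (lookup_vulnerable(db, raw_id)[0],
                           lookup_hardened(db, raw_id)[0])
    return results

if __name__ == "__main__":
    for value, (weak, strong) in run_quote_test().items():
        print(f"id={value!r:5} vulnerable={weak:10} hardened={strong}")
```

With the hardened lookup the quote is rejected before any SQL is built, so the page has no database error to display.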

Once we’ve found where we want to do the injection, we run the following command to get the names of the databases of the site:

python sqlmap.py -u "http://127.0.0.1/product.php?id=7" --dbs

Now we have the database name, which is smartene_SEH.

Then we’ll list the table names. To do that, we run a similar command with some extra parameters:

python sqlmap.py -u "http://127.0.0.1/product.php?id=7" -D smartene_SEH --tables

Finally, to dump a table and get its information, we need to run the following command:

python sqlmap.py -u "http://127.0.0.1/product.php?id=7" -D smartene_SEH -T usuarios --dump

As a result, we’ll get the data of that table:

That’s all about it!

 
