sqlmap Database Attack

Name: Rory Stiff

Date: July 25, 2024

Disclaimer: This is for educational purposes only.

Description: This section explains what sqlmap is, walks through a project example of what a database attack looks like, and shows how to prevent sqlmap-driven database attacks from happening. The walkthrough uses http://testphp.vulnweb.com/, a site published specifically for practising web security testing, as the target.

sqlmap

sqlmap is an open-source tool that automatically detects and exploits SQL injection vulnerabilities. A pen-tester points it at a web application and it tests the request parameters for injection, identifies the back-end database engine and, where an injection exists, enumerates and extracts the data behind it. In this project it is used to identify the vulnerable databases within an application and to show what an attacker could pull out of them.

image

Example project

The Posters tab links to the posters that the artists post. When I click it, I notice that the URL changes slightly and picks up a request parameter, like this...

image

image

How to see if the web page is vulnerable

Put an asterisk (*) at the end of the value in the request parameter. If the application pastes that value straight into a SQL statement, the extra character breaks the statement's syntax and the page returns a database error instead of the normal listing, which tells the attacker that the parameter is injectable. (sqlmap itself also uses * in a URL passed to -u as a marker for exactly where it should inject.)

image

You should get an error like this when you put the asterisk (*) in the GET request parameter. Leaking the raw database error is a bug in itself: it confirms the injection point and usually reveals which database engine is in use.

image

This command (sqlmap's --dbs option) enumerates the names of the databases the web application's database account can see and returns them, so you can go and look inside each database's tables. This is very bad, because if one of those databases holds a table called "users" containing sensitive data, that is a big issue to take care of.

image

So in this case there are two databases, as shown here

image

This command (sqlmap's --tables option, pointed at the acuart database) shows that there are multiple tables within the acuart database. An attacker would most likely be interested in the users table, because login information and credentials are usually stored there.

image

image

Now it is time to open up the users table (sqlmap's --dump option on that table) and see what is inside

image

In the image below we see that the table holds sensitive information: each user's name, street address, password, email, phone number and username. Anyone who can reach this table can log in as those users and has their personal details as well.

image

How to prevent SQL database attacks from happening

  1. Use parameterized queries: send the SQL statement and the user-supplied values to the database separately, so a value can never be parsed as part of the statement.
  2. Use an Object-Relational Mapping (ORM) layer, which builds parameterized queries for you; avoid its raw-SQL escape hatches for untrusted input.
  3. Validate input: a category id should be a small integer, so reject anything that is not one before it reaches the database.
  4. Least privilege: give the web application a database account that can only read the tables it needs, so a successful injection cannot enumerate other databases or modify data.
  5. Web Application Firewall: blocks common injection patterns (including the payloads sqlmap sends) as a second line of defence, not as a replacement for the fixes above.
  6. Regular security testing and monitoring: run sqlmap against your own application before an attacker does, and alert on the bursts of malformed requests and database errors that a scan produces.
  7. Error handling: return a generic error page and log the database error server-side; the detailed error shown earlier is exactly what confirmed the injection point.
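The following is an added example written for this page, not code from the project or from the site it attacks. It models the product-listing page used in the walkthrough as a small Python function over an in-memory SQLite database, so that the asterisk probe, the database-error leak and the UNION-style enumeration that sqlmap automates can all be run offline, side by side with the fixes from the list above (validation, parameter binding, a read-only database connection and generic error handling). The table and column names, the sample rows and the `cat` parameter name are assumptions made for illustration; the page never shows the real schema, and the credentials below are made up.

```python
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny stand-in for the shop's database.
    Table/column names and rows are assumptions, not the real site's schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        CREATE TABLE users (uname TEXT, pass TEXT, email TEXT);
        INSERT INTO products VALUES (1, 1, 'Poster A'), (2, 1, 'Poster B'), (3, 2, 'Print C');
        INSERT INTO users VALUES ('alice', 'hunter2', 'alice@example.com');
    """)
    return conn


def vulnerable_list(conn: sqlite3.Connection, cat: str) -> list:
    """The bug the walkthrough exploits: the request parameter is pasted into
    the statement, so whatever the client sends is parsed as SQL."""
    sql = f"SELECT name FROM products WHERE cat={cat}"
    return [row[0] for row in conn.execute(sql)]


def probe(conn: sqlite3.Connection, cat: str) -> str:
    """The manual check from the write-up: send a malformed value and see
    whether a database error comes back instead of a normal listing."""
    try:
        vulnerable_list(conn, cat)
        return "no error"
    except sqlite3.OperationalError as e:
        return f"database error: {e}"


# Payloads of the kind sqlmap generates once it has a confirmed injection
# point: a UNION that appends attacker-chosen rows to the page's own result.
# sqlite_master plays the role of information_schema here.
TABLES_PAYLOAD = "-1 UNION SELECT name FROM sqlite_master WHERE type='table'"
DUMP_PAYLOAD = "-1 UNION SELECT uname || ':' || pass FROM users"

# Fix 3 (input validation): a category id is a small positive integer.
CAT_RE = re.compile(r"[0-9]{1,6}")


def hardened_list(conn: sqlite3.Connection, cat: str) -> list:
    """Fix 1 + fix 3: reject anything that is not an id, then bind the value
    as a parameter so the database never parses it as part of the statement."""
    if CAT_RE.fullmatch(cat) is None:
        raise ValueError("invalid category id")
    return [row[0] for row in
            conn.execute("SELECT name FROM products WHERE cat = ?", (int(cat),))]


def bound_only(conn: sqlite3.Connection, cat: str) -> list:
    """Binding alone already defeats the payload: the whole string is compared
    against the cat column as a value, and no row has that value."""
    return [row[0] for row in
            conn.execute("SELECT name FROM products WHERE cat = ?", (cat,))]


def least_privilege_blocks_writes(conn: sqlite3.Connection) -> bool:
    """Fix 4, SQLite stand-in: the listing page only reads, so its connection
    is made read-only (with MySQL this would be an account granted SELECT
    only). A write smuggled in through an injection then fails regardless."""
    conn.execute("PRAGMA query_only = 1")
    try:
        conn.execute("DELETE FROM users")
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.rollback()
        conn.execute("PRAGMA query_only = 0")


def handle_request(conn: sqlite3.Connection, cat: str) -> dict:
    """Fix 7: the client only ever sees a generic response, so a probe like
    the one above learns nothing about the database behind the page."""
    try:
        return {"status": "ok", "products": hardened_list(conn, cat)}
    except (ValueError, sqlite3.Error):
        return {"status": "error", "message": "invalid request"}


if __name__ == "__main__":
    db = build_db()
    print(probe(db, "1*"))                             # database error: ...
    print(sorted(vulnerable_list(db, TABLES_PAYLOAD)))  # ['products', 'users']
    print(vulnerable_list(db, DUMP_PAYLOAD))           # ['alice:hunter2']
    print(bound_only(db, DUMP_PAYLOAD))                # []
    print(handle_request(db, DUMP_PAYLOAD))            # generic error, no detail
    print(least_privilege_blocks_writes(db))           # True
```

Run it and compare `probe(db, "1*")` with the screenshot of the error page: the leaked message is the signal the walkthrough relies on, and `handle_request` is what the same request looks like once error handling, validation and parameter binding are in place.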
