Scan SQL Injection Vulnerability On Whole Server
Last Updated: 14 Aug, 2024
SQL injection is a major security flaw that allows attackers to modify SQL queries sent to a database by inserting malicious data. This can result in unwanted access, data leakage, and even complete control of the database. Scanning for SQL injection vulnerabilities throughout a server identifies weaknesses in online applications and databases, allowing for proactive risk mitigation.
For this article, we'll use vulnweb, an intentionally vulnerable website from Acunetix. This allows us to safely demonstrate SQL injection techniques without compromising real-world systems while following the ethical rules and policies of GeeksforGeeks.
Topic Explanation
To scan and exploit SQL injection vulnerabilities, we'll use sqlmap, an advanced open-source penetration testing tool. sqlmap automates the detection and exploitation of SQL injection weaknesses, and it offers features for database fingerprinting, data retrieval, and even file system access.
Steps to Perform SQL Injection
Step 1: Install sqlmap
The first command updates the package list so that you get the most recent information about available packages and their dependencies. The second installs sqlmap, a tool that detects and exploits SQL injection vulnerabilities.
sudo apt-get update
sudo apt-get install sqlmap
Step 2: Identify Target URLs and Database Enumeration
Here we will take the URL "http://testphp.vulnweb.com/listproducts.php?cat=1".
The sudo prefix runs sqlmap with superuser permissions. The -u option specifies the target URL, which uses cat=1 as the injection point. The --dbs option tells sqlmap to enumerate and display all databases on the target server if a SQL injection vulnerability is discovered, giving you a quick overview of the database structure.
sudo sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs
Step 3: Enumerate Tables from the Database
This command scans the specified URL and lists the tables in the specified database (-D acuart --tables). The --batch option makes sqlmap accept the default answer to every prompt instead of waiting for input. Listing the tables helps in identifying the structure of the database.
sudo sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --batch -D acuart --tables
As we can see, there is a users table, which means user data such as usernames, passwords and other details is stored in this table.
Step 4: Dump Data from Tables
This command dumps data from the specified table (-T users) in the specified database (-D acuart). The --dump option tells sqlmap to retrieve all the data from the table.
sudo sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --batch -D acuart -T users --dump
Conclusion
Scanning for SQL injection vulnerabilities and exploiting them with sqlmap can provide invaluable information about the security posture of your web applications. By following the steps above, you can detect and mitigate SQL injection vulnerabilities, improving the overall security of your server and applications. Always use such tools responsibly and within legal limits, and only on systems that you own or have explicit permission to test. The vulnweb vulnerable website from Acunetix is used in this demonstration to ensure that ethical hacking is practiced in a safe and controlled environment.
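To make the mitigation side concrete, the following added example (not from the original article and not the test site's code) shows the query pattern that a scanner flags on a parameter like cat next to its parameterized fix. The table layout, sample rows, and function names are assumptions built on an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the application's database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO products (cat, name)
            VALUES (1, 'poster'), (1, 'print'), (2, 'frame');
        INSERT INTO users VALUES ('demo', 'constructed-secret');
    """)
    return db

def list_products_vulnerable(db, cat):
    # Weak: the request parameter is concatenated into the SQL text,
    # so whatever it contains is parsed as part of the statement.
    query = "SELECT name FROM products WHERE cat = " + cat
    return [row[0] for row in db.execute(query)]

def list_products_safe(db, cat):
    # Hardened: reject anything that is not an integer, then pass the
    # value through a placeholder so it is only ever treated as data.
    try:
        cat_id = int(cat)
    except ValueError:
        return []
    rows = db.execute("SELECT name FROM products WHERE cat = ?", (cat_id,))
    return [row[0] for row in rows]

def compare(cat):
    # Run the same input through both versions against a fresh database.
    db = make_db()
    return list_products_vulnerable(db, cat), list_products_safe(db, cat)

if __name__ == "__main__":
    # Constructed inputs: one normal value and two that alter the query.
    for value in ["1", "1 OR 1=1", "1 UNION SELECT pass FROM users"]:
        weak, safe = compare(value)
        print(f"{value!r}: concatenated={weak} bound={safe}")
```

After a fix of this kind is deployed, re-running the Step 2 scan against your own application is a quick regression check that the parameter is no longer reported as injectable.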