
SQLMAP: Automating SQL Injection

Material about SQLMAP

Uploaded by

itupt33
Copyright
© All Rights Reserved

SQLMAP

Automating SQL Injection



Loi Liang Yang


Certified Information Systems Security Professional
Certified Ethical Hacker
CompTIA Security+
SQLMAP
◦ Manual page

SQL TABLES

| CustomerID | CustomerName | ContactName | Address | City | PostalCode | Country |
|---|---|---|---|---|---|---|
| 1 | Alfreds Futterkiste | Maria Anders | Obere Str. 57 | Berlin | 12209 | Germany |
| 2 | Ana Trujillo Emparedados y helados | Ana Trujillo | Avda. de la Constitución 2222 | México D.F. | 05021 | Mexico |
| 3 | Antonio Moreno Taquería | Antonio Moreno | Mataderos 2312 | México D.F. | 05023 | Mexico |
| 4 | Around the Horn | Thomas Hardy | 120 Hanover Sq. | London | WA1 1DP | UK |
| 5 | Berglunds snabbköp | Christina Berglund | Berguvsvägen 8 | Luleå | S-958 22 | Sweden |

SQL Statements

STRUCTURED QUERY LANGUAGE
STANDARD PROGRAMMING LANGUAGE FOR INTERACTING WITH DATABASES
EXAMPLE COMMANDS:
SELECT – RETRIEVE DATA
DROP – DELETE TABLE
INSERT – ADD ROW TO TABLE
UPDATE – MODIFY ROW IN A TABLE
DELETE – REMOVE ROW FROM TABLE
-- COMMENTS ARE WRITTEN WITH A DASH DASH SPACE IN FRONT

| CustomerID | CustomerName | ContactName | Address | City | PostalCode | Country |
|---|---|---|---|---|---|---|
| 1 | Alfreds Futterkiste | Maria Anders | Obere Str. 57 | Berlin | 12209 | Germany |
| 2 | Ana Trujillo Emparedados y helados | Ana Trujillo | Avda. de la Constitución 2222 | México D.F. | 05021 | Mexico |
| 3 | Antonio Moreno Taquería | Antonio Moreno | Mataderos 2312 | México D.F. | 05023 | Mexico |
| 4 | Around the Horn | Thomas Hardy | 120 Hanover Sq. | London | WA1 1DP | UK |
| 5 | Berglunds snabbköp | Christina Berglund | Berguvsvägen 8 | Luleå | S-958 22 | Sweden |

SELECT * FROM CUSTOMERS;

SELECT CUSTOMERNAME, CITY FROM CUSTOMERS;

CLIENT TO SERVER CODING

SQL INJECTION

Inject SQL commands with unsanitized user data
Steal, modify, destroy data
What does unsanitized mean?
Sanitization – cleaning
Clean input by removing all special characters; disallow certain characters, etc.
Very dangerous to directly process user input without sanitizing it first.

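Application code (query built by concatenating user input):

    [Link]("SELECT * FROM USER WHERE USERNAME='" + NAME + "' AND PASSWORD = '" + PASSWORD + "';")

Query the database receives when the input closes the quote and comments out the rest:

    select * from user where username='' OR TRUE; -- ' AND password = '????';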
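
The concatenation flaw on this slide, reproduced beside a parameterized query as an added example (not from the original slides). It uses Python's sqlite3 with an in-memory database; the sample account and the function names are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    # Plaintext password only to mirror the slide's query; real systems store hashes.
    db.execute("CREATE TABLE user (username TEXT, password TEXT)")
    db.execute("INSERT INTO user VALUES ('alice', 's3cret')")
    return db

def build_concatenated_query(name, password):
    """The slide's pattern: user input is pasted straight into the SQL text."""
    return ("SELECT * FROM user WHERE username='" + name +
            "' AND password = '" + password + "';")

def login_vulnerable(db, name, password):
    """Returns True if the concatenated query matches any row."""
    row = db.execute(build_concatenated_query(name, password)).fetchone()
    return row is not None

def login_parameterized(db, name, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT * FROM user WHERE username = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    slide_input = "' OR TRUE; -- "  # the username value shown on the slide
    # The printed query is identical to the one on the slide.
    print(build_concatenated_query(slide_input, "????"))
    # Concatenation: the WHERE clause becomes always-true, the check is bypassed.
    print("concatenated :", login_vulnerable(db, slide_input, "????"))
    # Placeholders: the same input is compared as a literal username and fails.
    print("parameterized:", login_parameterized(db, slide_input, "????"))
    print("valid login  :", login_parameterized(db, "alice", "s3cret"))
```

The parameterized version needs no character stripping: the driver sends the values separately from the statement, so quotes and comment markers in the input cannot change the query's structure.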

Key commands of SQLMAP
◦ python [Link] -u 'target ip address'

SQLMAP Injection
◦ Union tests

Vulnerable fields

SUBMISSION URL LINKS
HTTP://[Link]/MUTILLIDAE/IN[Link]?PAGE=USER-[Link]&USERNAME=TEST&PASSWORD=TEST&USER-INFO-PHP-SUBMIT-BUTTON=VIEW+ACCOUNT+DETAILS

Target URL with input

Injectable fields

Injectable fields are highlighted

Payloads

Enumerate DBMS databases
--dbs

Enumerate DBMS database tables

--tables
-D DB      DBMS database to enumerate

Enumerate DBMS database tables

--tables
-D DB      DBMS database to enumerate
-T TBL     DBMS database table(s) to enumerate
--dump     Dump out table data

Interactive SQL Shell

--sql-shell     Prompt for an interactive SQL shell

SQL Statements in MYSQL

WHAT OTHER TECHNIQUES CAN YOU USE ALONGSIDE SQLMAP?
