
Contents

CHAPTER 1
  1.1 Introduction
  1.2 Problem Background
  1.3 Project Aims
  1.4 Scope
CHAPTER 2
  2.1 Introduction
  2.2 Introduction to Databases
  2.3 SQL (Structured Query Language)
  2.4 SQL Map
CHAPTER 3
  3.1 Switch: --technique
  3.2 Seconds to delay the DBMS response for time-based
  3.3 Number of columns in UNION query SQL injection
  3.4 Requirements
CHAPTER 4
  4.1 Introduction
  4.2 Testing
CHAPTER 5 CONCLUSION

CHAPTER 1

INTRODUCTION

1.1

Introduction

This project is about the security threats that can occur in a network. There are many kinds of tricks and ways to hack data from the internet, and one of them is SQL injection. SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities, which are ultimately directed at your site's visitors, SQL injection is an attack on the site itself, in particular its database. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that's eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data to modifying or removing information from the database.

1.2

Problem Background

As mentioned in the introduction, SQL injection is a kind of threat that exists in computer networks. The objective of SQL injection is to retrieve the information that is available in certain networks. Hackers or users will try to expose the information and use it for their own purposes. The existing problems so far are:

1. The data can be misused by hackers.
2. Privacy may no longer belong to the original owner.

1.3

Objective

- To study the existing methods used by others to disseminate information from the internet.
- To run a program that can be used for SQL injection methods.
- To evaluate the existing programs that are available on the internet.

1.4

Project Aims

The aim of this project is that it can be used by students or users to get information and to understand how SQL injection works and how it can be a threat to the network.

1.5

Scope

- The scope is a website running on the internet.
- The SQL injection application used is SQLMap.
- The machine used is a PC with Python installed.
- The testing is limited to enumerating the database and trying to breach it, not taking whole control.

CHAPTER 2

LITERATURE REVIEW

2.1

Introduction

This chapter discusses the topics related to the field of the project. Knowing this information and how the application functions is very important. The literature review consists of research on the features, theories and limitations that can be found, and it will be used as a compass in the application development process later on. All the information considered important will be collected, followed by a study of the existing application, so that it provides a better picture as well as more ideas about how it works.

2.2

Introduction to Databases

A database is a structured collection of data. The data are typically organized to model relevant aspects of reality (for example, the availability of rooms in hotels), in a way that supports processes requiring this information (for example, finding a hotel with vacancies). The term database is correctly applied to the data and their supporting data structures, and not to the database management system (DBMS). The database data collection with DBMS is called a database system. The term database system implies that the data are managed to some level of quality (measured in terms of accuracy, availability, usability, and resilience) and this in turn often implies the use of a general-purpose database management system (DBMS). A general-purpose DBMS is typically a complex software system that meets many usage requirements to properly maintain its databases, which are often large and complex.

2.3

SQL (Structured Query Language)

SQL is a kind of programming language specialized for managing data in relational database management systems (RDBMS). It is used to communicate with a database. SQL statements are used to perform tasks such as updating data in a database or retrieving data from it.

2.4

SQL Map

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws on a site and taking over database servers. It is equipped with a detection engine that is useful for this. In this topic we explain how this is done and demonstrate the process of getting the database fingerprint, finding the database name and current user, enumerating databases, and enumerating tables and columns.

2.5

SQL Injection

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
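The difference between a statement constructed from request input and one that binds the input as a parameter, as an added example that is not part of the original report. It uses Python's sqlite3 module with a constructed products table; the function names and the cat field (modelled on the cat parameter of the page tested in Chapter 4) are assumptions.

```python
import sqlite3

def make_db():
    """In-memory catalogue with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        INSERT INTO products (cat, name) VALUES
            (1, 'poster'), (1, 'print'), (2, 'mug'), (3, 'unreleased item');
    """)
    return db

def list_products_concat(db, cat):
    """Vulnerable form: the request value is pasted into the SQL text."""
    sql = "SELECT name FROM products WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def list_products_bound(db, cat):
    """Bound parameter: the value travels as data and is never parsed as SQL."""
    sql = "SELECT name FROM products WHERE cat = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (cat,))]

def parse_cat(raw):
    """Input validation for the same field: accept a plain decimal integer only."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("cat must be a decimal integer")
    return int(raw)

if __name__ == "__main__":
    db = make_db()
    tautology = "1 OR 1=1"  # constructed input that is valid SQL when concatenated
    print("concat, cat=1:       ", list_products_concat(db, "1"))
    print("concat, tautology:   ", list_products_concat(db, tautology))
    print("bound,  tautology:   ", list_products_bound(db, tautology))
    print("bound,  validated 1: ", list_products_bound(db, parse_cat("1")))
```

With concatenation the WHERE clause is rewritten by the input and every row comes back; with the bound parameter the same input is compared as a value and matches nothing.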

CHAPTER 3

SQL INJECTION TECHNIQUES

To test SQLMAP, a planned testing methodology is required. Choosing a suitable methodology is a very important task in ensuring a well-arranged process for testing SQLMAP. The techniques used and the steps involved in each technique are discussed in the following sections.

3.1

Switch: --technique

This switch can be used to specify which SQL injection types to test for. By default sqlmap tests for all the types and techniques it supports, but sometimes you may want to test for only one or a few specific types of SQL injection, and this is where this switch comes into play. The switch needs an argument: a string composed of any combination of the letters B, E, U, S and T, where each letter stands for a different technique:

B: Boolean-based blind SQL injection
E: Error-based SQL injection
U: UNION query SQL injection
S: Stacked queries SQL injection
T: Time-based blind SQL injection
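From the defending side, the same five letters make a convenient way to label suspicious requests in a web server access log. The following is an added example, not part of the original report or of sqlmap: the regular expressions are assumed, non-exhaustive heuristics, the log lines are constructed, and the check on the User-Agent relies on sqlmap identifying itself as sqlmap/<version> unless told otherwise.

```python
import re
from urllib.parse import unquote_plus

# Heuristic, non-exhaustive signatures keyed by technique letter (assumed patterns).
SIGNATURES = {
    "B": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "E": re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML)\s*\(", re.I),
    "U": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "S": re.compile(r";\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.I),
    "T": re.compile(r"\b(?:SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.I),
}
# Combined Log Format: request line, status, size, referer, user agent.
LOG_RE = re.compile(r'"(?:GET|POST) (?P<uri>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def classify(line):
    """Return (technique letters matched in the query string, sqlmap User-Agent seen)."""
    m = LOG_RE.search(line)
    if not m:
        return "", False
    query = unquote_plus(m.group("uri").partition("?")[2])
    letters = "".join(k for k in "BEUST" if SIGNATURES[k].search(query))
    return letters, m.group("ua").lower().startswith("sqlmap/")

def scan(lines):
    """Return (line number, letters, sqlmap_ua) for every line worth an analyst's look."""
    hits = []
    for n, line in enumerate(lines, 1):
        letters, ua = classify(line)
        if letters or ua:
            hits.append((n, letters, ua))
    return hits

# Constructed sample log (documentation IP range, made-up timestamps).
_P = '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "GET /listproducts.php?cat=%s HTTP/1.1" 200 512 "-" "%s"'
SAMPLE = [
    _P % (1, "1", "Mozilla/5.0"),
    _P % (2, "1%20AND%204821=4821", "sqlmap/1.x (https://sqlmap.org)"),
    _P % (3, "1%20UNION%20ALL%20SELECT%20NULL,NULL", "Mozilla/5.0"),
    _P % (4, "1%20AND%20SLEEP(5)", "Mozilla/5.0"),
    _P % (5, "1;SELECT%20SLEEP(5)", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Keyword matching of this kind produces false positives and is easy to evade, so it is a triage aid for logs rather than a replacement for parameterized queries.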

3.2

Seconds to delay the DBMS response for time-based

Switch: --time-sec

When testing for time-based blind SQL injection, it is possible to set the number of seconds by which the response is delayed, using the --time-sec switch. By default the delay is set to 5 seconds.

3.3

Number of columns in UNION query SQL injection

Switch: --union-cols

By default sqlmap tests for the UNION query SQL injection technique using 1 to 10 columns. However, the range can be increased up to 50 columns by providing a higher level value.

3.4

Requirements

Sqlmap is developed in Python, a dynamic, object-oriented, interpreted programming language. This makes the tool independent of the operating system. Table 3.1 shows the sqlmap requirements.

Table 3.1: SQLmap requirements

Name                 Explanation
Python interpreter   Version 2 or higher than 2.6
Sqlmap               Version 3.5 or higher
GNU/Linux            Already installed (Python comes installed out of the box)
Windows              Download the Python setup

CHAPTER 4

PROGRAM TESTING

4.1

Introduction

This chapter explains every step that is conducted in order to get the information and learn the differences before reaching the conclusions.

4.2

Testing

These are a few steps for testing the program, that is, SQL injection against one website.

Database Fingerprint

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1"

Figure 4.1: Database Fingerprint

Finding the database name and current user

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --current-db --current-user

Figure 4.2: Finding the database name and current user

Enumerate Databases

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

Figure 4.3: Enumerate Databases

Enumerate Databases and Tables and Columns

sqlmap.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --tables --columns

Figure 4.4: Finding tables and columns

CHAPTER 5

CONCLUSION

In this report we saw how effective the sqlmap tool is when we have to identify and exploit SQL injection vulnerabilities. The proper way to exploit a SQL injection vulnerability is manually, though in many penetration tests, due to time constraints, the use of sqlmap is essential.

As we saw in the testing in Chapter 4, sqlmap managed to enumerate the database successfully and extract the tables and columns from the testing website. sqlmap can do more than this: for instance, it can check IDS and IPS, and it can also execute operating system commands. For all these reasons this tool must be in the toolkit of every penetration tester, to show the vulnerability of a particular company's website so that the company can improve its security.
