Quick Tutorial - Identify SQL Injection vulnerability with sqlmap
sqlmap is a Python-based penetration testing tool that automates the process of detecting SQL injection vulnerabilities and, once one is found, taking over the database server. It greatly reduces the effort of finding SQL injection flaws in an application. This tutorial explains what sqlmap does and walks you through running your first SQL injection test with it.
Installation
The tool comes pre-installed on most penetration testing distributions such as Kali Linux and Parrot. On other Debian-based Linux systems it can be installed with:
sudo apt-get install sqlmap
sqlmap itself needs Python, which can be installed with:
sudo apt-get install python3
You can verify the Python installation by printing its version:
python3 -V
What does sqlmap do?
sqlmap automates what would otherwise be a manual check for SQL injection vulnerabilities. It supports the six injection techniques listed below:
- boolean-based blind
- UNION query-based
- time-based blind
- out-of-band
- error-based
- stacked queries
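To make the flaw that sqlmap is looking for concrete, here is an added example that is not part of the original tutorial. It builds a small constructed users table in an in-memory SQLite database and contrasts a handler that splices the id parameter into the SQL text with one that binds it as a parameter. The last function reduces the idea behind the boolean-based blind technique to a single comparison: a true and a false condition are appended to a known-good value, and only the handler that evaluates its input as SQL answers differently. The table contents, the function names and the probe strings are all assumptions made for this demonstration.

```python
"""Added example (not from the original tutorial): the defect sqlmap hunts for,
shown on an in-memory SQLite database with a constructed users table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, role) VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Typical index.php?id=... handler: the parameter is concatenated into the
    SQL text, so the engine cannot tell where the query ends and input begins."""
    sql = "SELECT id, name FROM users WHERE id = " + user_id + " ORDER BY id"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> list:
    """Same query with a bound parameter: the driver passes the value separately,
    so whatever is in user_id is compared against the id column, never executed."""
    sql = "SELECT id, name FROM users WHERE id = ? ORDER BY id"
    return conn.execute(sql, (user_id,)).fetchall()


def responds_to_boolean_probe(conn: sqlite3.Connection, handler) -> bool:
    """The boolean-based blind idea in one step: append a condition that is
    always true and one that is always false to a valid value and check whether
    the handler's output changes. A handler that treats the input purely as a
    value returns the same (empty) result for both probes."""
    true_case = handler(conn, "1 AND 1=1")
    false_case = handler(conn, "1 AND 1=2")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:        ", lookup_vulnerable(db, "1"))
    print("vulnerable, id=1 OR 1=1: ", lookup_vulnerable(db, "1 OR 1=1"))
    print("safe, id=1:              ", lookup_safe(db, "1"))
    print("safe, id=1 OR 1=1:       ", lookup_safe(db, "1 OR 1=1"))
    print("boolean probe (vulnerable):", responds_to_boolean_probe(db, lookup_vulnerable))
    print("boolean probe (safe):      ", responds_to_boolean_probe(db, lookup_safe))
```

The fix is the same in every language and database driver: send the query text and the values separately (prepared statements, parameterised queries or an ORM that does this for you). Escaping or filtering the input is a weaker substitute, and it is exactly the kind of partial defence the level and risk options covered later are designed to push through.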
Supported DBMS by sqlmap
sqlmap supports the following database management systems: MySQL, YugabyteDB, PostgreSQL, FrontBase, eXtremeDB, Mckoi, Virtuoso, Oracle, Raima Database Manager, Microsoft SQL Server, Microsoft Access, IBM DB2, Amazon Redshift, Apache Derby, MariaDB, Presto, TiDB, Vertica, InterSystems Cache, H2, SAP MaxDB, CockroachDB, Informix, Cubrid, Drizzle, HSQLDB, Altibase, Apache Ignite, CrateDB, Greenplum, Firebird, MimerSQL, SQLite, MemSQL, MonetDB and IRIS.
How to use sqlmap tool effectively
sqlmap offers a large number of options. This blog lists the basic commands that are a good starting point for using sqlmap and testing an application for SQL injection vulnerabilities.
Examples
(1) First scan using -u option
sqlmap is used like any other command-line tool and is very easy to get started with. Point it at a URL that carries a parameter, as shown below:
sqlmap -u "testsite.com/index.php?id=1"
(2) List the databases using the --dbs option
sqlmap.py -u "http://www.testsite.com/test.php?id=87" --dbs
(3) Get help
sqlmap --help
(4) Bypass a firewall
The --random-agent option sends each request with a randomly chosen browser User-Agent header instead of sqlmap's default one, which can get past a firewall that blocks the tool by its user agent.
sqlmap -u "http://testsite.com/test.php?id=50" --random-agent
(5) Test the target with more payloads
The command below tests the application in more depth by sending a larger set of SQL injection payloads; --level and --risk control how many payloads are tried and how aggressive they are.
sqlmap -u "https://testsite.com/index.php?web=aat" --risk=2 --level=5
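Seen from the defending side, examples (4) and (5) describe two things that show up in web server logs: a tell-tale User-Agent header when --random-agent is not used, and a burst of requests that hit one parameter with many different values when the level and risk are raised. The following added example, which is not part of the original tutorial, runs two such checks over constructed access log lines in the common "combined" format. It assumes that an unmodified sqlmap identifies itself in the User-Agent header (that is what --random-agent replaces); the client addresses, paths, version string and threshold are invented for the demonstration.

```python
"""Added example (not from the original tutorial): flagging sqlmap-style
activity in constructed web server access logs."""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log in Apache/Nginx "combined" format. 203.0.113.7 first
# uses the default sqlmap user agent and then, with a browser user agent,
# sends a burst of different values for the id parameter; 198.51.100.20 is
# ordinary browsing. The version string in the user agent is made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php?id=1%20AND%201%3D2 HTTP/1.1" 200 119 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php?id=1%22 HTTP/1.1" 500 231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /index.php?id=%281%29 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.20 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Oct/2023:13:56:09 +0000] "GET /index.php?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Oct/2023:13:56:15 +0000] "GET /about.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# One combined-format line: client, identd, user, [time], "request", status,
# bytes, "referer", "user-agent".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Rule 1: the tool names itself in the User-Agent header unless told otherwise.
SCANNER_UA = re.compile(r"sqlmap", re.IGNORECASE)

# Rule 2: this many distinct values for one parameter from one client is a
# fuzzing burst rather than normal browsing. Threshold chosen for the demo.
FUZZ_THRESHOLD = 5


def parse_line(line: str):
    """Return a dict with ip, path, decoded query parameters and user agent,
    or None for a line that does not match the combined format."""
    match = LINE_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qsl percent-decodes the values, so %27 becomes a literal quote.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def detect(log_text: str) -> list:
    """Apply both rules over a log and return a list of findings as tuples:
    ("scanner-user-agent", ip, path, ua) or ("parameter-fuzzing", ip, path, param)."""
    findings = []
    values_seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if SCANNER_UA.search(rec["ua"]):
            findings.append(("scanner-user-agent", rec["ip"], rec["path"], rec["ua"]))
        for name, value in rec["params"]:
            values_seen[(rec["ip"], rec["path"], name)].add(value)
    for (ip, path, name), values in sorted(values_seen.items()):
        if len(values) >= FUZZ_THRESHOLD:
            findings.append(("parameter-fuzzing", ip, path, name))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

Rule 1 is cheap but disappears as soon as the user agent is changed, which is why the second rule looks at behaviour instead: a real user rarely requests the same page with five different values for one parameter within a short time, while an automated test does so by design. In production the per-parameter counting would be done over a sliding time window rather than a whole file, and the findings would be correlated with the 500 responses that malformed input often produces.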
(6) Test a POST request
sqlmap can also test POST requests. Suppose you want to test the username field of the application's login form. The attacker intercepts the login request, saves it to a file named login.txt, and then points sqlmap at that file to identify vulnerabilities:
sqlmap -r /login.txt -p "username" --threads 10 --dbs
Here -r tells sqlmap to read the saved HTTP request from the file and -p names the parameter to test.
Conclusion
sqlmap is well maintained by the open-source community and is one of the most reliable tools for identifying SQL injection vulnerabilities in a web application. It supports a huge range of databases and many different enumeration options. If you have not used it yet, I highly recommend trying it against your target.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.