Welcome back! Today we will cover SQL injection attacks. But before jumping into the injection method, let me explain what SQL actually is and what you gain from doing SQL injection.
What is a Database?
In case you are wondering, the word is made of two parts, “data-base”: a database is literally a place to store, save, or modify data. A database contains tables, and each table is filled by Rows, which define the data, and Columns, which contain the list of data.
Table Name: AdminAccounts
Take the example above. It is a simple table named “AdminAccounts”. It contains 3 data Rows: “Email”, “Username” and “Password”. Remember, the Rows define the data names.
The columns are the actual data that we will grab soon: the list of data stored in the database. See the table above: it has 2 columns, and each column contains the data specific to one entity. For example, the first column in this table belongs to the email “[email protected]”, the second to the email “[email protected]”. Those 2 values are taken from the first Row, which is “Email”. So if I want to know the password of “[email protected]”, I should look at the Row “Password”. Got it?
What is SQL?
SQL (Structured Query Language), which some pronounce “sequel”, is a “programming language” used for managing databases and performing various operations on the data in them. In short, SQL tells the database what to do, such as modifying tables; adding, updating and deleting rows of data; and retrieving subsets of information from within a database. SQL is simple, and administrators use it on a very large scale to manage databases.
What is SQL Injection?
SQL injection, as the name says, is injecting SQL: injecting the database’s boss. It works by injecting malicious code into a query. Each query or instruction is run in real time against the database, so we can manipulate part of the query sent to it. The main purpose of SQL injection is to gather or dump the data in one or more databases. Injection-based attacks are, by the way, first on the OWASP Top 10!
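To see why this works and how it is prevented, here is an added example (not code from the original post or from viSQL) that runs the same lookup twice: once by concatenating input into the query text, once by binding it as a parameter. It reuses the AdminAccounts table described earlier; the rows, the function names and the in-memory SQLite database are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory database; the two rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE AdminAccounts (Email TEXT, Username TEXT, Password TEXT)")
    db.executemany(
        "INSERT INTO AdminAccounts VALUES (?, ?, ?)",
        [("alice@example.test", "alice", "constructed-pw-1"),
         ("bob@example.test", "bob", "constructed-pw-2")],
    )
    return db

def lookup_vulnerable(db, username):
    """Concatenates input into the SQL text, so input can change the query."""
    query = "SELECT Email FROM AdminAccounts WHERE Username = '" + username + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_parameterized(db, username):
    """Binds input as a parameter, so it is only ever compared as a value."""
    query = "SELECT Email FROM AdminAccounts WHERE Username = ?"
    return sorted(row[0] for row in db.execute(query, (username,)))

def compare(db, value):
    """Run both lookups on one input and report what each one did."""
    try:
        vulnerable = lookup_vulnerable(db, value)
    except sqlite3.OperationalError as exc:
        # A stray quote unbalances the concatenated statement.
        vulnerable = "SQL error: %s" % exc
    return {"vulnerable": vulnerable, "parameterized": lookup_parameterized(db, value)}

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name containing a quote, and
    # a value whose quote closes the string and adds an always-true condition.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(value), compare(db, value))
```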
SQL Injection Vulnerability Scanner
Yes, I call this tool exactly what it is, because it can crawl and spider the URL links on a target and then test whether each one is likely vulnerable or not. It is not limited to one target: it will list and scan all domains available on that server by reverse lookup.
Let’s get started!
First of all, we need to install the tool, named viSQL. Thanks to “blackvkng” for his dedication and contribution. Now open your terminal and type:
git clone https://github.com/blackvkng/viSQL.git
cd viSQL
pip install -r requirements.txt
Once the tool and all its dependencies are installed, look at the information viSQL provides by displaying its help menu. Type:
python viSQL.py --help
As seen above, viSQL displays its usage arguments. What I like about this tool is its simplicity. You just add the -t argument followed by the URL or server IP address, and viSQL will do the rest for you.
Let’s set a target. In this tutorial I want to scan http://kawat.net as my target. Run this command:
python viSQL.py -t http://kawat.net/
Now give viSQL some time to do its job. viSQL first does a reverse IP lookup to enumerate the list of domains on the target IP, then crawls each site to look for SQL injection vulnerabilities. If viSQL finds a potential SQL injection on the target, it displays the vulnerable link as shown below.
See, we found a website vulnerable to SQL injection, and viSQL displayed the link as well.
[INFO] [22:05:27] Site: http://creativeclutters.com
[INFO] [22:05:29] SQLi vuln! --> http://creativeclutters.com/detail.php?id=236
Now collect that link, and then start doing SQL injection manually through the browser or automate it with the tool of your choice; the most popular and powerful is sqlmap. I think that is enough for now. I will continue to explain SQL injection in the next part of this tutorial.