SQL Injection Part 1 – Scan SQLi Vulnerability with viSQL


Welcome back! Today we will cover SQL-based injection attacks. But before jumping into the injection method, let me explain what SQL actually is and what you gain from doing SQL injection.

What is a Database?

In case you are wondering, the name is made of two words, “data” and “base”: a database is literally a place to store, save, or modify data. Databases contain tables, and each table is made up of Rows, which define the data, and Columns, which contain the list of data.

Table Name: AdminAccounts

Email              Username  Password
[email protected]  d1ct      asUk0w3
[email protected]  s1ck      r4immuCox

Take the example above. It is a simple table named “AdminAccounts“. It contains 3 data Rows: “Email”, “Username” and “Password“. Remember, Rows define the data name.

The columns are the actual data that we will grab soon; they contain the actual data, the list of data stored in the database. See the table above: it has 2 columns, and each column contains the data specific to one entity. For example, the first column in this table belongs to the email “[email protected]“, the second to the email “[email protected]”. Those 2 values are taken from the first Row, which is “Email“. So if I want to know the password for “[email protected]“, I should look at the Row “Password“. Got it?

What is SQL?

SQL (Structured Query Language), which some call “sequel”, is a “programming language” used for managing databases and performing various operations on the data in them. Literally, SQL tells the database what to do, such as modifying tables; adding, updating and deleting rows of data; and retrieving subsets of information from within a database. SQL is simple, and it is used on a very large scale by administrators to manage databases.

What is SQL Injection?

SQL injection, as the name says, is injecting SQL, injecting the database’s boss. It works by inserting malicious code into a query: each query or instruction is run in real time against the database, so we can manipulate part of the query sent to the database. The main purpose of SQL injection is to gather or dump data from the database(s). Anyway, injection-based attacks are first on the OWASP Top 10!
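To make the idea concrete, here is an added example (not from the original article or the viSQL project) using Python's sqlite3 module and the AdminAccounts table above; the e-mail addresses, inputs and function names are constructed for illustration. It puts a query built by string concatenation next to the parameterized form that fixes it.

```python
import sqlite3

def make_db():
    """In-memory copy of the article's AdminAccounts table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE AdminAccounts (Email TEXT, Username TEXT, Password TEXT)")
    db.executemany(
        "INSERT INTO AdminAccounts VALUES (?, ?, ?)",
        [("admin1@example.test", "d1ct", "asUk0w3"),
         ("admin2@example.test", "s1ck", "r4immuCox")],
    )
    return db

def lookup_vulnerable(db, username):
    # Vulnerable: the input is pasted into the SQL text, so a quote character
    # in the input can change the structure of the query itself.
    query = "SELECT Email FROM AdminAccounts WHERE Username = '" + username + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, username):
    # Hardened: the query text is fixed and the input is bound as a parameter,
    # so the database only ever compares it as a value.
    query = "SELECT Email FROM AdminAccounts WHERE Username = ?"
    return [row[0] for row in db.execute(query, (username,))]

def quote_breaks_query(lookup, db):
    # A lone quote leaves the string literal unterminated in the vulnerable
    # version; that syntax error is the symptom to look for when testing.
    try:
        lookup(db, "'")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing quotes
    print("normal input, vulnerable :", lookup_vulnerable(db, "d1ct"))
    print("crafted input, vulnerable:", lookup_vulnerable(db, crafted))
    print("crafted input, safe      :", lookup_safe(db, crafted))
    print("quote breaks vulnerable  :", quote_breaks_query(lookup_vulnerable, db))
    print("quote breaks safe        :", quote_breaks_query(lookup_safe, db))
```

With the crafted input the concatenated query returns every row, while the parameterized query returns nothing because no username equals that literal string.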

SQL Injection Vulnerability Scanner

Yeah, I call this tool what it is, because it is able to crawl and spider the URL links on a target and then test whether each one is likely vulnerable or not. It is not limited to one target: it will list and scan all available domains found by reverse lookup on that server.

Let’s get started!

First of all, we need to install the tool, named viSQL. Thanks to “blackvkng” for his dedication and for contributing his work. Now, open your terminal, and type:

 

After viSQL and all of its dependencies are successfully installed, look at the information viSQL provides by displaying its help menu. Type:

 

As seen above, viSQL displays its usage arguments. What I like about this tool is its simplicity. You just add the -t argument followed by the URL or server IP address, and viSQL will do everything for you.

Let’s set a target. In this tutorial I want to scan http://kawat.net as my target. Run this command:

 

Now take some time to let viSQL do its job. viSQL will first do a Reverse IP Lookup to enumerate the list of domains on the target IP, then crawl each site to find SQL injection vulnerabilities. If viSQL finds a potential SQL injection on the target, it will display the vulnerable link as shown below.

 

 

See, we got a website with an SQL injection vulnerability, and viSQL displayed the link too.

Now collect that link, and then start doing SQL injection manually through the browser or automate it using the tool of your choice; the most popular and powerful is sqlmap. I think that is enough for now. I will continue to explain SQL injection in the next part of this tutorial.

  • David Banks

    I haven’t finished reading this, but the definitions of columns and rows are back to front. Columns are vertical and define the fields contained in each record, rows are horizontal and each row contains the data for 1 record.

    • Noor Qureshi

      I’m sorry for that! I will edit the article and report to the author!

      • David Banks

        Thank you Noor