SQLMAP

Material about SQLMAP

Uploaded by

itupt33

SQLMAP

Automating SQL Injection


www.loiliangyang.com 1

Loi Liang Yang


Certified Information Systems Security Professional
Certified Ethical Hacker
CompTIA Security+
SQLMAP
◦ Manual page

SQL TABLES

CustomerID  CustomerName                        ContactName         Address                        City         PostalCode  Country
1           Alfreds Futterkiste                 Maria Anders        Obere Str. 57                  Berlin       12209       Germany
2           Ana Trujillo Emparedados y helados  Ana Trujillo        Avda. de la Constitución 2222  México D.F.  05021       Mexico
3           Antonio Moreno Taquería             Antonio Moreno      Mataderos 2312                 México D.F.  05023       Mexico
4           Around the Horn                     Thomas Hardy        120 Hanover Sq.                London       WA1 1DP     UK
5           Berglunds snabbköp                  Christina Berglund  Berguvsvägen 8                 Luleå        S-958 22    Sweden

SQL Statements

STRUCTURED QUERY LANGUAGE
STANDARD PROGRAMMING LANGUAGE FOR INTERACTING WITH DATABASES
EXAMPLE COMMANDS:
SELECT – RETRIEVE DATA
DROP – DELETE TABLE
INSERT – ADD ROW TO TABLE
UPDATE – MODIFY ROW IN A TABLE
DELETE – REMOVE ROW FROM TABLE
-- COMMENTS ARE WRITTEN WITH A DASH DASH SPACE IN FRONT

CustomerID  CustomerName                        ContactName         Address                        City         PostalCode  Country
1           Alfreds Futterkiste                 Maria Anders        Obere Str. 57                  Berlin       12209       Germany
2           Ana Trujillo Emparedados y helados  Ana Trujillo        Avda. de la Constitución 2222  México D.F.  05021       Mexico
3           Antonio Moreno Taquería             Antonio Moreno      Mataderos 2312                 México D.F.  05023       Mexico
4           Around the Horn                     Thomas Hardy        120 Hanover Sq.                London       WA1 1DP     UK
5           Berglunds snabbköp                  Christina Berglund  Berguvsvägen 8                 Luleå        S-958 22    Sweden

SELECT * FROM CUSTOMERS;

SELECT CUSTOMERNAME, CITY FROM CUSTOMERS;

CLIENT TO SERVER CODING
SQL INJECTION

◦ Inject SQL commands with unsanitized user data
◦ Steal, modify, destroy data
◦ What does unsanitized mean?
◦ Sanitization – cleaning: clean input by removing all special characters; disallow certain characters, etc.
◦ Very dangerous to directly process user input without sanitizing it first.

Vulnerable query built by string concatenation:

cursor.execute("SELECT * FROM USER WHERE USERNAME='" + NAME + "' AND PASSWORD = '" + PASSWORD + "';")

Query that reaches the database when NAME is ' OR TRUE; -- (the comment marker discards the password check):

select * from user where username='' OR TRUE; -- ' AND password = '????';
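To make the concatenation problem concrete, here is an added example (not part of the original slides) that runs the slide's query against a constructed in-memory SQLite table, first built by concatenation exactly as above and then as a parameterised query; the table contents and the login helper names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample database for the demo (not from the original slides).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USER (USERNAME TEXT, PASSWORD TEXT)")
    conn.execute("INSERT INTO USER VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def build_vulnerable_query(name, password):
    # Same string concatenation as on the slide: user input becomes SQL syntax.
    return ("SELECT * FROM USER WHERE USERNAME='" + name +
            "' AND PASSWORD = '" + password + "';")

def vulnerable_login(conn, name, password):
    # Returns True when at least one row matches, i.e. the login "succeeds".
    cursor = conn.cursor()
    cursor.execute(build_vulnerable_query(name, password))
    return cursor.fetchone() is not None

def safe_login(conn, name, password):
    # Parameterised query: the driver passes the values separately from the
    # SQL text, so a quote or comment marker in the input cannot change the
    # statement; the whole payload is compared as a literal username.
    cursor = conn.cursor()
    cursor.execute("SELECT * FROM USER WHERE USERNAME=? AND PASSWORD=?",
                   (name, password))
    return cursor.fetchone() is not None

# The slide's payload: closes the quote, makes the WHERE clause always true,
# and comments out the password check (the trailing space matters).
INJECTED_NAME = "' OR TRUE; -- "

if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_query(INJECTED_NAME, "????"))
    print("concatenated login bypassed:", vulnerable_login(conn, INJECTED_NAME, "????"))
    print("parameterised login bypassed:", safe_login(conn, INJECTED_NAME, "????"))
```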

Key commands of SQLMAP
◦ python sqlmap.py -u 'target ip address'

SQLMAP Injection
◦ Union tests

Vulnerable fields

SUBMISSION URL LINKS
http://192.168.0.212/mutillidae/index.php?page=user-info.php&username=test&password=test&user-info-php-submit-button=View+Account+Details

Target URL with input

Injectable fields

Injectable fields are highlighted

Payloads

Enumerate DBMS databases
◦ --dbs

Enumerate DBMS database tables
◦ --tables
◦ -D DB    DBMS database to enumerate

Enumerate DBMS database tables
◦ --tables
◦ -D DB    DBMS database to enumerate
◦ -T TBL   DBMS database table(s) to enumerate
◦ --dump   Dump out table data

Interactive SQL Shell
◦ --sql-shell   Prompt for an interactive SQL shell

SQL Statements in MySQL

WHAT OTHER TECHNIQUES CAN YOU USE ALONGSIDE SQLMAP?
