Docsity
SQL Injection Vulnerability Testing with SQLMAP, Assignments of Information Security and Markup Languages

Information Security lab work to protect data and find out new ways of data security

Typology: Assignments

2021/2022

Available from 03/26/2023

utkarsh-goyal-1

UTKARSH GOYAL 19BIT0402
ISM LAB DA-3
Name: Utkarsh Goyal
Reg.No: 19BIT0402
Slot: L51+52
INFORMATION SECURITY LAB 3

Aim: Testing a website for SQL injection vulnerability using SQLMAP

Procedure:
● Download the SQLMAP tool zip file from https://sqlmap.org/ and extract the files to the desired path.
● Run the dir command to check the directory, then run sqlmap.py to confirm that the tool is working.
● We then choose a website with a SQL injection vulnerability to demonstrate on. We chose this vulnerable site: http://testphp.vulnweb.com/listproducts.php?cat=1
● We now open the command prompt in the directory where the sqlmap.py file was extracted and run various commands to understand the SQL injection vulnerability.
● These commands bring out the basic functioning of the tool and fetch details about the respective domain.
● Now, to understand the SQL injection on the vulnerable site, we use some commands that help us find the vulnerability of the website.
● To better understand the SQL injection on the site, we can now demonstrate data enumeration, listing a number of things one by one using the tool.
● To get the databases of the site we use the option --dbs, which fetches the details about the website.
● Some of the options used to enumerate the database through an application vulnerable to SQL injection, and so to extract details of the vulnerable site:
  a. --current-user: to get the current username
  b. --current-db: to get the current database
  c. --hostname: to get the hostname
● Performing the above data enumeration commands makes it clearer that the site is vulnerable to SQL injection. When such a data enumeration command is run against a site that is not vulnerable, we may not get all these details.
● To understand this, we compare the site with running any of these commands on a non vulnerable site say
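The difference between a vulnerable and a non-vulnerable site noted in the last steps comes down to how the page builds its query from the cat parameter. The following Python code is an added example, not part of the original assignment or of the test site's code; the products table, its rows and all function names are constructed assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample catalogue; table and column names are assumptions,
    # not the schema of the site used in the lab.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        INSERT INTO products (cat, name) VALUES
            (1, 'poster'), (1, 'print'), (2, 'frame'), (3, 'unlisted item');
    """)
    return db

def list_products_vulnerable(db, cat):
    # The parameter is pasted into the SQL text, so anything after the number
    # is parsed as SQL. This is the condition a scanner reports.
    query = "SELECT name FROM products WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in db.execute(query)]

def list_products_hardened(db, cat):
    # Reject anything that is not a short decimal number, then bind the value
    # as a parameter so the database treats it as data, never as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", cat):
        return []
    query = "SELECT name FROM products WHERE cat = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (int(cat),))]

def returns_extra_rows(handler, db, cat="1"):
    # Regression check: the tautology from the page (OR 1=1) must not widen
    # the result set beyond what the plain category value returns.
    return len(handler(db, cat + " OR 1=1")) > len(handler(db, cat))

if __name__ == "__main__":
    db = make_db()
    for handler in (list_products_vulnerable, list_products_hardened):
        print(handler.__name__, "widened by OR 1=1:", returns_extra_rows(handler, db))
```

The returns_extra_rows check can be kept as a regression test so that a later change back to string concatenation is caught before deployment.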

Website used to check its vulnerability: http://testphp.vulnweb.com/listproducts.php?cat=

[Screenshot: command prompt page]

[Screenshot: usage of basic options like batch, crawl, level]

Command:
sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat=1 --crawl 2 --batch --level 2

https://insecure-website.com/products?category=Gifts--

https://insecure-website.com/products?category=Gifts+OR+1=1--

Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks.