UTKARSH GOYAL 19BIT0402
ISM LAB DA-3
Name: Utkarsh Goyal
Reg.No: 19BIT0402
Slot: L51+52
INFORMATION SECURITY LAB 3
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
SQL Injection Vulnerability Testing with SQLMAP, Assignments of Information Security and Markup Languages
Information Security lab work to protect data and find out new ways of data security
Typology: Assignments
2021/2022
1 / 9
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download SQL Injection Vulnerability Testing with SQLMAP and more Assignments Information Security and Markup Languages in PDF only on Docsity!
ISM LAB DA-
Name: Utkarsh Goyal
Reg.No: 19BIT
Slot: L51+
Aim: Testing website for SQL Injection Vulnerability using SQLMAP Procedure: ● Download the SQLMAP tool zip file from the site https://sqlmap.org/ and extract the files to the desired path. ● To check the directory run command dir and also run the sqlmap.py command to know if its working ● We then choose a SQL Injection infected website for demonstrating the Vulnerability. So we chose this Vulnerablesite:http://testphp.vulnweb.com/listproducts.php?cat= 1 ● We now open the command prompt with the directory address where the sqlmap.py file was extracted and perform various commands to understand the SQL injection vulnerability. ● These commands bring out the basic functioning of the tool and fetch the details about the perspective domain. ● Now to understand the sql injection of the sql injected vulnerability site we use some commands that will help us find the vulnerability of the website. ● To better understand the sql injection of the site we now can demonstrate the data enumeration or mention a number of things one by one using the tool. ● To get the databases of the site we use the command –dbs which makes us fetch the details about the website. ● Some of the commands to enumerate the database through an application vulnerable to SQL injection. Used to exploit details of the vulnerable site a. Current-username: to get current username b. Current-dbs: to get current database c. Hostname: to get hostname ● Performing the above data enumeration command makes it clearer that the site is sql injected. When such a data enumeration command is performed on the site which is not vulnerable, we may not get all these details. ● To understand this, we compare the site with running any of these commands on a non vulnerable site say
Website used to check its vulnerability:- http://testphp.vulnweb.com/listproducts.php?cat= Command prompt screenshot page:-
Screenshot with the usage of basic commands like batch, crawl, level:- Command:- sqlmap.py-uhttp://testphp.vulnweb.com/listproducts.php?cat=1 --crawl 2 --batch --level 2
https://insecure-website.com/products?category=Gifts–
https://insecure-website.com/products?category=Gifts+OR+1=1–
Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks.