SQLMAP

Material on SQLMAP

Uploaded by

itupt33

SQLMAP

Automating SQL Injection


www.loiliangyang.com 1

Loi Liang Yang


Certified Information Systems Security Professional
Certified Ethical Hacker
CompTIA Security+

SQLMAP
◦ Manual page

SQL TABLES

CustomerID | CustomerName | ContactName | Address | City | PostalCode | Country
1 | Alfreds Futterkiste | Maria Anders | Obere Str. 57 | Berlin | 12209 | Germany
2 | Ana Trujillo Emparedados y helados | Ana Trujillo | Avda. de la Constitución 2222 | México D.F. | 05021 | Mexico
3 | Antonio Moreno Taquería | Antonio Moreno | Mataderos 2312 | México D.F. | 05023 | Mexico
4 | Around the Horn | Thomas Hardy | 120 Hanover Sq. | London | WA1 1DP | UK
5 | Berglunds snabbköp | Christina Berglund | Berguvsvägen 8 | Luleå | S-958 22 | Sweden

SQL Statements
◦ Structured Query Language: standard programming language for interacting with databases
◦ Example commands:
  SELECT – retrieve data
  DROP – delete table
  INSERT – add row to table
  UPDATE – modify row in a table
  DELETE – remove row from table
◦ Comments are written with dash dash space in front (-- )

CustomerID | CustomerName | ContactName | Address | City | PostalCode | Country
1 | Alfreds Futterkiste | Maria Anders | Obere Str. 57 | Berlin | 12209 | Germany
2 | Ana Trujillo Emparedados y helados | Ana Trujillo | Avda. de la Constitución 2222 | México D.F. | 05021 | Mexico
3 | Antonio Moreno Taquería | Antonio Moreno | Mataderos 2312 | México D.F. | 05023 | Mexico
4 | Around the Horn | Thomas Hardy | 120 Hanover Sq. | London | WA1 1DP | UK
5 | Berglunds snabbköp | Christina Berglund | Berguvsvägen 8 | Luleå | S-958 22 | Sweden

SELECT * FROM CUSTOMERS;

SELECT CUSTOMERNAME, CITY FROM CUSTOMERS;

CLIENT TO SERVER CODING

SQL INJECTION
◦ Inject SQL commands with unsanitized user data
◦ Steal, modify, destroy data
◦ What does unsanitized mean?
◦ Sanitization – cleaning
◦ Clean input by removing all special characters; disallow certain characters, etc.
◦ Very dangerous to directly process user input without sanitizing it first.

Vulnerable code (user input is concatenated straight into the query text):

cursor.execute("SELECT * FROM USER WHERE USERNAME='" + NAME + "' AND PASSWORD = '" + PASSWORD + "';")

With NAME set to  ' OR TRUE; --  the database receives:

select * from user where username='' OR TRUE; -- ' AND password = '????';

The quote in NAME closes the username literal early, OR TRUE makes the WHERE clause match every row, and the -- comment discards the password check that follows.

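The concatenation shown on this slide next to the fix a defender would apply, as an added example that is not part of the original deck: it runs the same login query through Python's sqlite3 module against a constructed in-memory user table, and the login_vulnerable / login_safe / rendered_query names are mine. The deck's remedy is sanitization; the safe version below uses parameter binding instead, which removes the need for any character blacklist.

```python
import sqlite3


def build_db():
    """Constructed demo table (not from the slides): a single user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT, password TEXT)")
    conn.execute("INSERT INTO user VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def rendered_query(name, password):
    """The slide's pattern: the SQL text the vulnerable code actually sends."""
    return ("SELECT * FROM user WHERE username='" + name +
            "' AND password = '" + password + "';")


def login_vulnerable(conn, name, password):
    """User input becomes part of the statement, so a quote in NAME ends the
    string literal early and the rest of NAME is executed as SQL."""
    return conn.execute(rendered_query(name, password)).fetchall()


def login_safe(conn, name, password):
    """Parameterised query: the statement is parsed first and NAME/PASSWORD are
    bound as plain values afterwards, so quotes and comment markers inside
    them can never change the query's structure."""
    sql = "SELECT * FROM user WHERE username = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # The slide's input: username = ' OR TRUE; --  (the password no longer matters)
    payload = "' OR TRUE; -- "
    print(rendered_query(payload, "????"))
    # Vulnerable: WHERE becomes username='' OR TRUE, so every row comes back.
    print(login_vulnerable(db, payload, "????"))  # [('alice', 's3cret')]
    # Safe: the same input is compared literally as a username, so no row matches.
    print(login_safe(db, payload, "????"))        # []
```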
Key commands of SQLMAP
◦ python sqlmap.py -u 'target ip address'

SQLMAP Injection
◦ Union tests

Vulnerable fields

SUBMISSION URL LINKS
http://192.168.0.212/mutillidae/index.php?page=user-info.php&username=test&password=test&user-info-php-submit-button=View+Account+Details

Target URL with input

Injectable fields

Injectable fields are highlighted

Payloads

Enumerate DBMS databases

--dbs

Enumerate DBMS database tables

--tables
-D DB    DBMS database to enumerate

Enumerate DBMS database tables

--tables
-D DB    DBMS database to enumerate
-T TBL   DBMS database table(s) to enumerate
--dump   Dump out table data

Interactive SQL Shell

--sql-shell    Prompt for an interactive SQL shell

SQL Statements in MYSQL

WHAT OTHER TECHNIQUES CAN YOU USE ALONGSIDE SQLMAP?
