Penetration testing web applications is a must for securing them. SQL injection is a top-rated vulnerability according to OWASP, and every web application must be penetration tested against it.
Penetration testing Web Application for SQL Injection
SQL Basics: SQL is the language of relational databases. A relational database consists of tables made up of rows and columns; the rows are sometimes also referred to as tuples. In a DBMS (Database Management System) there are 3 main parts:
- Creating structure of table
- Entering data
- Making queries (and getting meaningful results from data)
Queries are the most important part of any database. Queries give the users of a web application the power to get meaningful results from the database. So our focus in this article will be on how queries can be used to manipulate the database and trick it into giving us valuable information in an unauthorised way.
- Find a web application that is vulnerable to SQL injection (SQLi) attacks. Vulnerability has 2 criteria. Firstly, it has to allow execution of queries from the URL, and secondly, it should show an error for some kind of query or another. An error is an indication of a SQL vulnerability.
- After we know that a site is vulnerable, we need to execute a few queries/SQL commands to learn what makes it act in an unexpected manner. Then we should obtain information about the SQL version and the number of tables in the database and columns in the tables.
- Finally, we have to extract the fruitful information from the tables.
- Manually, using some standard codes available online (and if you know SQL then you can figure most of the stuff out yourself). For example, you can instruct the database to give you all the data from a table by executing the command:
SELECT * FROM Users WHERE UserId = 109 or 1=1
Now, while the first part of the query, "UserId = 109", may not be true for all users, the condition 1=1 will always be true. So the query is effectively asked to return the data for every user for whom 1=1 holds, which is all of them. Effectively, you have the usernames, passwords and all other information about all the users of the website.
- Using some tool: Some tools help in making the process easier. You still have to use commands, but using tools is much more practical once you have an idea of what is actually happening. In Kali Linux, there is a great tool called SQLMap that we'll be using.
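To make concrete why the "or 1=1" query above works and how a developer closes the hole, here is an added example (not code from the original article) that builds a constructed in-memory SQLite table of users and runs the same lookup three ways: pasting the input into the SQL text, binding it as a parameter, and validating it as an integer first. The table name, column names and sample rows are assumptions for the demonstration.

```python
import sqlite3


def build_db():
    # Constructed sample database so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Username TEXT, Email TEXT)"
    )
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [
            (108, "alice", "alice@example.test"),
            (109, "bob", "bob@example.test"),
            (110, "carol", "carol@example.test"),
        ],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    # The pattern the article describes: untrusted input is concatenated into
    # the SQL text, so a value such as "109 or 1=1" rewrites the WHERE clause
    # and the database returns every row.
    sql = "SELECT UserId, Username FROM Users WHERE UserId = " + user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    # Hardened form: the value is bound as a parameter and is never parsed as
    # SQL, so "109 or 1=1" is just a string that matches no UserId.
    sql = "SELECT UserId, Username FROM Users WHERE UserId = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def lookup_validated(conn, user_id):
    # Defence in depth: reject anything that is not an integer before it
    # reaches the database at all, then still use a bound parameter.
    try:
        numeric_id = int(user_id)
    except ValueError:
        raise ValueError("UserId must be an integer")
    return lookup_parameterized(conn, numeric_id)


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "109 or 1=1"))     # all three users come back
    print(lookup_parameterized(db, "109 or 1=1"))  # [] : the text matches nothing
    print(lookup_validated(db, "109"))             # [(109, 'bob')]
```

The error the article lists as the first sign of a vulnerable site corresponds here to what a malformed input would do to `lookup_vulnerable`; the validated path instead fails early with a clear message and never reaches the database.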