AppSec Tales XIII | SQLI
Apr 11, 2023
Application security testing for SQL Injection.
INTRODUCTION
This article describes how to test an application for SQL Injection vulnerabilities. The advice is based on the following:
- OWASP Web Security Testing Guide
- OWASP Application Security Verification Standard
- Bug bounty reports
- My own experience.
TOOLING
Tools, with basic usage instructions and the wordlist used for SQLI detection.
STANDALONE TOOLS
- sqlmap — semi-automated SQLI detection & exploitation tool.
Use --batch to fully automate the detection.
Use * to tell sqlmap where the injection point is.
Use --string="String_in_the_response" to tell sqlmap which string in the response indicates a successful injection (True).
# SINGLE URL & TARGET PARAMETER
sqlmap -u "http://afine.com/s.php?q=test" -p "q"
# CAPTURED REQUEST
sqlmap -r request.txt
# MULTIPLE URLS
sqlmap -m urls.txt
# PATH & HEADER INJECTION (*)
sqlmap -u "http://afine.com/user/*" -H "User-agent: *"
# SECOND-ORDER
sqlmap -r request.txt --second-order…
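
What the --string option keys on, as an added example that is not from the original article: a constructed handler whose response carries a marker only when the query returns a row, in its vulnerable (concatenated) and hardened (parameterized) forms, with a check that can serve as a regression test for the fix. The table, function names and marker text are assumptions made for illustration.

```python
import sqlite3

TRUE_MARKER = "Account found"  # constructed marker; plays the role of the --string value


def make_db():
    """Constructed in-memory table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    return db


def lookup_vulnerable(db, q):
    # Vulnerable: q is concatenated into the SQL text, so quote characters
    # in q change the structure of the WHERE clause.
    sql = "SELECT email FROM users WHERE name = '" + q + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return "Error"
    return TRUE_MARKER if row else "No such account"


def lookup_hardened(db, q):
    # Hardened: q is bound as data; the query structure is fixed.
    row = db.execute("SELECT email FROM users WHERE name = ?", (q,)).fetchone()
    return TRUE_MARKER if row else "No such account"


def boolean_oracle(lookup, db):
    """Return True if the True marker follows a condition supplied in the input."""
    base = "nobody"  # matches no row on its own
    true_page = lookup(db, base + "' OR '1'='1")
    false_page = lookup(db, base + "' OR '1'='2")
    return TRUE_MARKER in true_page and TRUE_MARKER not in false_page


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler exposes oracle:", boolean_oracle(lookup_vulnerable, db))
    print("hardened handler exposes oracle:  ", boolean_oracle(lookup_hardened, db))
```

A response that differs between the two inputs is the True/False signal the marker string identifies; with bound parameters both inputs are treated as a name that matches nothing.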