AppSec Tales XIII | SQLI

Karol Mazurek
Apr 11, 2023

Application security testing for SQL Injection.

INTRODUCTION

This article describes how to test an application for SQL Injection vulnerabilities. The advice is based on the following:

  • OWASP Web Security Testing Guide
  • OWASP Application Security Verification Standard
  • Bug bounty reports
  • Own experience.

TOOLING

Tools, with basic usage instructions, and the wordlist used for SQLI detection.

STANDALONE TOOLS

  • sqlmap — semi-automated SQLI detection & exploitation tool.

Use --batch to fully automate detection (sqlmap accepts the default answer to every prompt).
Use * to mark the injection point for sqlmap.
Use --string="String_in_the_response" to tell sqlmap which string in the response indicates a successful injection (True).

# SINGLE URL & TARGET PARAMETER
sqlmap -u "http://afine.com/s.php?q=test" -p "q"
# CAPTURED REQUEST
sqlmap -r request.txt
# MULTIPLE URLS
sqlmap -m urls.txt
# PATH & HEADER INJECTION (*)
sqlmap -u "http://afine.com/user/*" -H "User-agent: *"
# SECOND-ORDER
sqlmap -r request.txt --second-order…
