SQL Injection

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

Many websites today are built with PHP and backed by an SQL database so that the administrator can manage content easily. However, many developers write their own CMS, which also introduces a lot of bugs, so the website's database can be injected.

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g., to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Exploitation

First, find out whether your website can be injected. Check whether its URLs have a suffix like:

.<ext>?<arg>=

INFO:
<ext> = file extension
<arg> = arguments

You can then check whether your table can be injected or not. For example:

  • my website has a file called functions.php that manages the database and can be triggered from the URL, like functions.php?call=1
  • then I put an apostrophe at the end of the URL, like functions.php?call=1'
  • unfortunately, it outputs an error

    [Image: example of SQL syntax error output]

How to perform database injection

If you are still not sure whether it can be injected, you can try to exploit your site.

Check that Python 2.7.x is already installed; if it is not, you need to install Python first.

- Download sqlmap from sqlmap.org
- Unpack the sqlmap package you've downloaded
- Open your terminal or command prompt
- Change your directory to the sqlmap folder you've unpacked
$ python sqlmap.py -u <url> --dbs --tables --columns

After that, just read the log to see whether your database can be injected or not.

How to protect your sites

There are several ways to fix the CMS:

  1. switch to the WordPress CMS
  2. switch to the Drupal CMS
  3. not using a CMS
  4. using URL rewriting
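
Whichever option is chosen, the query behind a URL such as functions.php?call=1 stops being injectable once the parameter is strongly typed and bound instead of concatenated into the SQL string. The following is an added example, not code from the original page: the pages table, its columns, the function names and the in-memory SQLite database are assumptions chosen so that it runs stand-alone.

```php
<?php
// Added example: table, columns and in-memory SQLite are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO pages (id, title) VALUES (1, 'Home'), (2, 'Contact')");

// Before: the raw URL parameter is concatenated into the statement.
function lookup_vulnerable(PDO $pdo, string $call): string
{
    try {
        $row = $pdo->query("SELECT title FROM pages WHERE id = " . $call)->fetch();
        return $row ? $row['title'] : 'not found';
    } catch (PDOException $e) {
        // Echoing the driver message is what shows the SQL syntax error to visitors.
        return 'SQL error: ' . $e->getMessage();
    }
}

// After: strong typing first, then a bound parameter, and a generic error page.
function lookup_hardened(PDO $pdo, string $call): string
{
    $id = filter_var($call, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'bad request'; // anything that is not a positive integer is rejected
    }
    try {
        $stmt = $pdo->prepare("SELECT title FROM pages WHERE id = :id");
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['title'] : 'not found';
    } catch (PDOException $e) {
        error_log($e->getMessage()); // details go to the server log only
        return 'internal error';
    }
}

// Constructed sample values for functions.php?call=...
foreach (['1', "1'", '2', '99'] as $call) {
    printf("%-4s vulnerable: %-50s hardened: %s\n",
        $call, lookup_vulnerable($pdo, $call), lookup_hardened($pdo, $call));
}
```

The same check with the trailing apostrophe makes the first function return the database's syntax error, while the second rejects the value before any SQL is built.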