ABSTRACT - The increasing use of web applications has led to a rise in vulnerabilities, with SQL injection being one of the most prevalent and harmful attacks. Attackers exploit flaws in how web applications handle user input to manipulate database queries and gain unauthorized access to sensitive data or perform destructive actions. This article aims to explore the working of SQL injection attacks and highlight the role of port scanning in such attacks. By understanding the causes and mechanisms behind SQL injection, we can better comprehend the importance of proper input validation and parameter handling in securing web applications. The study reveals that web applications vulnerable to SQL injection can be exploited through port scanning to identify open or closed ports, like MySQL's default port 3306. Inserting malicious SQL code into user input fields can alter database queries and potentially compromise the application's security. SQL injection remains a significant threat to web applications due to poor input validation and inadequate handling of parameters in SQL queries. Proper security measures, such as input validation and parameterization, are crucial to mitigate the risk of SQL injection attacks and enhance overall application security.

Keywords – SQL injection attacks, Web security, Port Scanning, Vulnerabilities, Web Applications, Data Analysis

I. INTRODUCTION

SQL injection is one of the most common attacks on a system. Understanding and remediating SQL injection vulnerabilities is critical to the security and integrity of web applications. By implementing proactive measures and being vigilant with continuous security testing, developers and organizations can effectively protect themselves against this pervasive security threat [1].

Web application security is a major concern, especially considering SQL injection vulnerabilities (one of the most common attacks on a web application), which can allow unauthorized access to and alteration of sensitive data. Techniques such as port scanning are frequently used to look through open ports on target systems to find potential attack vectors. The relationship between port scanning methods and the existence of SQL injection vulnerabilities in online applications has not been sufficiently investigated, however [2]. This study intends to close this knowledge gap between port scanning and SQL injection flaws and offer insights into them in online applications, thereby helping in the development of better web applications and increasing security.

II. LITERATURE SURVEY

The engagement of users in critical online transactions has opened up opportunities for attackers to manipulate and counterfeit transaction data. Among the commonly employed methods for web attacks, SQL Injection stands out as a prevalent approach used by attackers to illicitly acquire sensitive information from organizations. [1]

When user inputs are considered as separate lexical elements, their lack of proper sanitization can lead the web application to produce unintended results. This situation is referred to as a command injection attack, a significant hazard to the security of web applications. [2] An SQL Injection Attack (SQLIA) occurs when an unauthorized person alters the intended result of an SQL query by adding extra SQL keywords or operators to the query.

Injection through user input: In this particular scenario, the attackers inject SQL commands by strategically manipulating the user input they provide. In the majority of SQL injection attacks (SQLIAs) that specifically aim at Web applications, the input provided by users is commonly sourced from form submissions. These inputs are transmitted to the Web site through HTTP GET or POST requests. [3]

Injection through cookies: Cookies are information-containing files generated by web applications and stored on the user's device to retain specific state details. If a web application uses the data from cookies to build SQL queries, there is a potential security weakness that attackers could take advantage of by inserting harmful code directly into the cookie. [4]

Injection through server variables: Server variables constitute a collection of elements encompassing HTTP, network headers, and
Authorized licensed use limited to: University of the West of England. Downloaded on March 12,2024 at 10:58:40 UTC from IEEE Xplore. Restrictions apply.
environment-related specifics. These variables are utilized by web applications for various objectives, such as recording usage metrics and recognizing browsing trends. Nonetheless, if these variables are stored in a database without undergoing appropriate cleansing, it can result in a susceptibility to SQL injection. [5]

Various forms of SQL injection attacks exist, differentiated by the attacker's intent, objectives, or distinctive traits [6]. Some types of attacks are:

1. Identifying vulnerable input fields
2. Recognizing the database system
3. Analysing the database system
4. Modifying data
5. Carrying out Denial-of-Service attacks and more.

Strategies to prevent and mitigate SQL injection vulnerabilities include implementing secure coding practices such as input validation, parameterized queries, and proper sanitization of user input. The proposed methodology is given in Figure 1.

The purpose of port scanning is to identify open ports within a system, which attackers can leverage to carry out different attacks and exploits. Many tools are designed for uncovering open ports, whereas the options for identifying attempts at port scanning are more restricted. [6]

Certain perspectives consider port scanning not as a network intrusion, but rather as a technique utilized to discover potential vulnerabilities within a system. [7]

There are four types of port scanning:

1. TCP Connect Scan: This procedure entails attempting to create a complete TCP connection with the ports of the target system. If the connection is made, the port is open.
2. SYN/Stealth Scan: Often known as a half-open scan, this method entails dispatching SYN packets to the target's ports. If a SYN-ACK response is received, it signifies that the port is accessible. The goal of this scan is to reduce detection by never completing the TCP handshake.
3. Idle Scan: This strategy performs the port scan through an intermediary, generally an idle zombie host. An attacker can avoid detection and traceability by taking advantage of the trust relationship between the zombie host and the victim.
4. UDP Scan: This scan, unlike a TCP scan, is connectionless. It involves sending UDP packets to the ports to analyse the status of each port.

Differentiating between instances of harmful port scanning and legitimate port scanning can present a complex task. Often, a port scan could signify either an effort by attackers to explore vulnerabilities or a precautionary step taken by network administrators to evaluate network security. [8,9,10]

III. IMPLEMENTATION FOR PORT SCANNING

Port scanning is an information-gathering attack that finds out which ports are open on other devices. We use the Metasploit framework for this implementation, as port scanning modules are built into it. Nmap is used from Metasploit to scan for open ports:

nmap -v -sV 192.168.1.0/24 -oA subnet_1

Here -v enables verbose output, -sV probes the open ports for service versions, and -oA saves the results in all of Nmap's output formats to files named subnet_1. The scan above was a SYN scan. There are three outcomes for this scan:

1. SYN-ACK received: the port is open
2. RST (reset): the port is closed
3. No response: the port is filtered by a firewall

This method is used here as it is faster and has much better stealth. We use the SYN module from auxiliary to find the open ports:

1. use auxiliary/scanner/portscan/syn
2. set INTERFACE eth0
3. set PORTS 21
4. set RHOSTS 192.168.1.0/24
5. set THREADS 50
6. run

This will give the open ports on the IP addresses in the range. The TCP connect module is used in the same way for a single host:

1. use auxiliary/scanner/portscan/tcp
2. set RHOSTS 192.168.56.1
3. run

For the implementation of the SQL injection attack, we use two tools: PortSwigger labs and OWASP Juice Shop (SQLi testing websites).

IV. IMPACT OF A SUCCESSFUL INJECTION ATTACK

An SQL injection attack, if executed successfully, can result in unauthorised access to sensitive data, encompassing passwords, credit card numbers, and personal user information. In recent years, a considerable number of well recognised instances of data breaches have been attributed to SQL injection attacks, leading to detrimental consequences such as damage to reputation and the imposition of financial penalties by regulatory bodies. Furthermore, it is possible for malicious actors to uncover a concealed ingress point within an entity's information systems.

DETECTION OF SQLi MANUALLY

1. Executing the input of a single quotation character ' and then observing for errors or irregularities.
2. Transmitting SQL-targeted syntax that contrasts the initial entry value with another value, and then scrutinizing the application's responses for any systematic anomalies.
3. Dispatching Boolean conditions like OR 1=1 and OR 1=2 as inputs, and afterward assessing divergences or distinctions in the application's responses.
4. Sending payloads crafted to introduce delays during SQL query execution, followed by comparing response times to detect any variations.

Figures 2 and 3 show the home page before and after the attack. For example, let's say there is a shopping website with a certain URL:

https://shopping-website.com/products?items=Blenders
https://shopping-website.com/products?items=Blenders'--

Fig 1: Proposed Methodology of research

V. EXPERIMENTAL RESULTS

This is an online shopping website which shows 12 products initially. We mount an attack by modifying the URL, adding the string +OR+1=1--. Here, the plus is used for string concatenation in the URL, and OR 1=1-- is a Boolean expression which always returns true. The double hyphen stands for a comment in SQL. When this URL is entered, the condition that hides the remaining products is commented out. Hence, we gain access to 8 more products.

LOGIN BREACH:

As we can see, we have logged in to the admin account and are able to modify the account's email details.
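To show the Section V result from the defender's side, the following is an added example (not code from the paper or from the test sites it uses): the ?items= filter built by string concatenation next to its parameterized form, run against a constructed in-memory SQLite catalogue of 12 released and 8 hidden products, using the payload from the URL above. Table, column and product names are assumptions.

```python
import sqlite3

# Constructed sample catalogue (not the paper's data): 12 released products
# plus 8 unreleased ones that the released = 1 filter is meant to hide,
# mirroring the 12 visible / 8 hidden split reported in Section V.
PRODUCTS = [(f"Blender {i}", "Blenders", 1) for i in range(12)] + \
           [(f"Prototype {i}", "Blenders", 0) for i in range(8)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return db

def products_vulnerable(db, items):
    # Vulnerable: the ?items= value is pasted into the SQL text, so a quote in
    # the input closes the string literal and "--" comments out the
    # released = 1 condition that hides the unreleased products.
    sql = f"SELECT name FROM products WHERE category = '{items}' AND released = 1"
    return [row[0] for row in db.execute(sql)]

def products_parameterized(db, items):
    # Hardened: the value is bound as a parameter and never becomes SQL text,
    # so quotes and comment markers are just characters in a category name.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (items,))]

def single_quote_causes_error(db):
    # Manual check step 1 from Section IV: a lone quote unbalances the quoting
    # of the concatenated query and the database raises an error, which is the
    # symptom a tester (or an error-log monitor) observes.
    try:
        products_vulnerable(db, "Blenders'")
        return False
    except sqlite3.OperationalError:
        return True

def demo():
    db = make_db()
    benign = "Blenders"
    malicious = "Blenders' OR 1=1--"   # the payload from the Section V URL
    return {
        "vuln_benign": len(products_vulnerable(db, benign)),
        "vuln_malicious": len(products_vulnerable(db, malicious)),
        "param_benign": len(products_parameterized(db, benign)),
        "param_malicious": len(products_parameterized(db, malicious)),
        "quote_error_leaks": single_quote_causes_error(db),
    }
```

The vulnerable query returns all 20 rows for the payload, the parameterized one returns none because no category is literally named "Blenders' OR 1=1--".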
When we run the Nmap command (nmap -v -sV 192.168.1.0/24 -oA subnet_1), we find the open ports in this particular subnet. This gives us information on which ports can be accessed. In the case of MySQL, which runs on port 3306, a payload can be created to exploit this particular port and get user access into the organization.

attacks occurring within a specific month, it was observed that about 24.6% of these attacks were attributed to SQL injections. The 2014 Global Threat Intelligence Report published by NTT Corporation highlighted a harsh reality: the mean post-incident costs associated with a minor-scale SQL injection assault perpetrated against an organisation typically surpass $196,000 (equivalent to over 1.2 million yuan). [9]
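The paper notes that tools for detecting scan attempts are scarcer than tools for running them. As an added example (not code from the paper), this is a simple rule-based detector in the spirit of [6]: it reads constructed firewall-style log lines and flags a source that sends bare SYNs to many distinct ports of one host within a short window, which is exactly what the SYN scan of Section III looks like on the wire. The log format, window and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines (not from the paper): one host half-open probing six
# ports of 192.168.1.10, including MySQL's 3306, next to a normal HTTPS client
# whose single SYN is followed by a completed handshake.
LOG = """\
2024-03-12T10:58:01 src=192.168.1.77 dst=192.168.1.10 dport=21 flags=S
2024-03-12T10:58:01 src=192.168.1.77 dst=192.168.1.10 dport=22 flags=S
2024-03-12T10:58:02 src=192.168.1.77 dst=192.168.1.10 dport=80 flags=S
2024-03-12T10:58:02 src=192.168.1.77 dst=192.168.1.10 dport=443 flags=S
2024-03-12T10:58:03 src=192.168.1.77 dst=192.168.1.10 dport=3306 flags=S
2024-03-12T10:58:03 src=192.168.1.77 dst=192.168.1.10 dport=8080 flags=S
2024-03-12T10:58:05 src=192.168.1.20 dst=192.168.1.10 dport=443 flags=S
2024-03-12T10:58:05 src=192.168.1.20 dst=192.168.1.10 dport=443 flags=A
2024-03-12T10:58:06 src=192.168.1.20 dst=192.168.1.10 dport=443 flags=PA
"""

def parse(line):
    # "<iso-timestamp> key=value ..." -> (time, src, dst, dport, flags)
    ts, *kv = line.split()
    f = dict(p.split("=", 1) for p in kv)
    return datetime.fromisoformat(ts), f["src"], f["dst"], int(f["dport"]), f["flags"]

def detect_syn_scans(log, window=timedelta(seconds=10), min_ports=5):
    """Flag (src, dst) pairs whose bare-SYN packets reach at least min_ports
    distinct destination ports inside `window`. Returns {(src, dst): ports}."""
    syns = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst, port, flags = parse(line)
        if flags == "S":                       # only half-open probes count
            syns[(src, dst)].append((ts, port))
    alerts = {}
    for key, events in syns.items():
        events.sort()
        for i, (t0, _) in enumerate(events):   # slide the window over each start
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts[key] = sorted(ports)
                break
    return alerts
```

A scan slowed below the window or spread over several source addresses slips past this rule, which is the ambiguity between hostile and administrative scanning the paper describes.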
REFERENCES

[6] U. Kanlayasiri, "A Rule-based Approach for Port Scanning Detection," Electrical and Electronic Engineering Conference (EECON-23), Thailand, pp. 148-153, 2000.
[8] P. Tang, W. Qiu, Z. Huang, H. Lian, G. Liu, "Detection of SQL injection based on artificial neural network," Knowledge-Based Systems, vol. 190, 105528, 2020, ISSN 0950-7051, https://doi.org/10.1016/j.knosys.2020.105528