
Department of Computer Science and Engineering

Internship Seminar

EXPLOITATION OF WEB USING SQL MAP

Presented By:
Name: Md. Shanawaz
Roll Number: 160921733142
CSE-IIIC(V-Sem)
UNDER THE GUIDANCE OF
MRS.TRIVEKA
(ASSISTANT PROFESSOR) CSE.DEPT
Contents
• Introduction
• Overview
• System Design
• Implementation & Results
• Conclusion
Introduction
• As an intern at Huntmetrics Pvt Ltd, a leading cybersecurity
company, I've had the privilege of learning from industry
experts in Cyber Threat Hunting, Cybersecurity Risk Advisory,
and Critical Infrastructure.
• Threat Hunting Mastery: Huntmetrics employs cutting-edge
technologies and threat intelligence to proactively detect
and neutralize elusive cyber threats, offering valuable insights
into identifying and mitigating evolving threats.
• Cybersecurity Risk Advisory: The company provides strategic
guidance, conducting risk assessments and crafting robust
cybersecurity policies to empower clients in managing
technology risks effectively.
• Critical Infrastructure Security: Huntmetrics specializes in
safeguarding critical infrastructure through tailored solutions,
including threat modelling, vulnerability assessments, and
incident response strategies.
Overview
• SQLMap is a penetration testing tool that can be used to test websites for SQL injection vulnerabilities. The
main objective of using SQLMap is to identify and exploit security flaws in web applications that use SQL
databases.

• SQL injection is a code injection technique that allows attackers to execute malicious SQL queries that control a
web application’s database. By exploiting SQL injection vulnerabilities, attackers can gain unauthorized access
to sensitive information stored in databases.

• SQLMap can help you test whether a website is vulnerable to SQL injection by checking whether a ‘GET’
parameter is vulnerable to SQL injection. For example, if a website URL is of the form
http://testphp.vulnweb.com/listproducts.php?cat=1, where the ‘GET’ parameter is cat=1, then the website may
be vulnerable to SQL injection.

• SQLMap can also help you identify the following security issues in your web application:

• SQL injection: This is a type of attack that exploits vulnerabilities in SQL databases to execute malicious code.
• Cross-site scripting (XSS): This is a type of attack that injects malicious scripts into web pages viewed by other
users.
• File inclusion: This is a type of attack that allows an attacker to include files on a web server.
• Directory traversal: This is a type of attack that allows an attacker to access files outside of the web server’s root
directory.
SYSTEM DESIGN
Implementation
Step 1 − To open sqlmap, go to Applications → 04-Database
Assessment → sqlmap.
Step 2 − To start the SQL injection testing, type “sqlmap -u URL of
victim”.
Step 3 − From the results, you will see that some variables are
vulnerable.
Conclusion
The Ethical Hacking internship has been transformative,
bridging theory and practice. It emphasized collaboration,
continuous learning, and ethical considerations. This hands-
on experience enhanced technical skills, instilled a holistic
approach, and heightened my sense of responsibility. As I
conclude, I carry forward a commitment to ongoing learning
and a proactive role in the dynamic field of ethical hacking.
THANK YOU
