Discover SQL Injection on a Web Server

An SQL Injection attack occurs when an application builds an SQL statement from user-supplied data without first validating that input, and then submits the statement to a database server for execution.

When successfully exploited, an SQL Injection attack can give an attacker access to the contents of the database, let them run system commands remotely, and in some cases let them take control of the server that hosts the database.

The impact depends on where the error is in the code, how easy it is to exploit the error, and what access the application has to the database.

Theoretically, an SQL Injection attack could be performed on any type of application, but it is most commonly associated with web applications because they are more vulnerable.

Test procedure

Replace the value of each parameter with a single quote and an SQL keyword such as WHERE. Try each parameter separately. When testing a parameter, leave all other parameters unchanged with their valid data.
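The procedure above, as an added example that is not part of the original article: a Python check that probes one parameter at a time against two local query handlers and reports which parameters make the database raise an error. The handler names (`search_concat`, `search_bound`), the probe string and the in-memory SQLite table are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table standing in for the app's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, category TEXT, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "books", "SQL primer"), (2, "tools", "wrench")])
    return db

def search_concat(db, params):
    # Vulnerable pattern: user data is pasted into the statement text.
    sql = ("SELECT name FROM products WHERE id = " + params["id"] +
           " AND category = '" + params["category"] + "'")
    return db.execute(sql).fetchall()

def search_bound(db, params):
    # Hardened pattern: the statement is fixed and the values are bound as data.
    sql = "SELECT name FROM products WHERE id = ? AND category = ?"
    return db.execute(sql, (params["id"], params["category"])).fetchall()

PROBE = "' WHERE"  # a single quote plus an SQL keyword, as in the test procedure

def probe_parameters(handler, valid_params):
    """Return the names of parameters whose probe value causes a database error."""
    flagged = []
    for name in valid_params:
        db = make_db()
        trial = dict(valid_params)  # every other parameter keeps its valid data
        trial[name] = PROBE         # exactly one parameter is replaced per run
        try:
            handler(db, trial)
        except sqlite3.Error:
            flagged.append(name)    # the probe was parsed as SQL, not treated as data
        finally:
            db.close()
    return flagged

VALID = {"id": "1", "category": "books"}  # constructed valid request parameters

if __name__ == "__main__":
    print("concatenated query :", probe_parameters(search_concat, VALID))
    print("parameterized query:", probe_parameters(search_bound, VALID))
```

A parameter that is flagged here is one whose value reaches the SQL parser as part of the statement; the bound version returns an empty result for the same input instead of an error.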

Today we will look at another scanning tool: an SQL Injection vulnerability scanner like SQLMAP, which is the most popular tool to date.

viSQL is an SQL Injection vulnerability scanner that scans not only the destination URL but also the entire server, by doing a reverse IP domain lookup.

You can easily scan for SQL Injection vulnerabilities not only in the URL itself but across all sites on the same server.

Installing viSQL on Kali Linux

To install viSQL, enter the "git clone" command at your terminal.

The above command automatically creates a folder named "viSQL" in the directory where you ran the command. To display all files, type "cd viSQL && ls" at your terminal.

The second method is to download the file with wget and run it with the python command.

Command: wget
Command: sudo python2

After that, to run viSQL, just type "python -h", which shows the help menu of the viSQL tool.

To scan a website using viSQL, type "python -t".

Now let viSQL do the work. viSQL first performs a reverse IP lookup to list the domains hosted on the target IP and then crawls each site to find a vulnerable SQL parameter. If viSQL finds any potential SQL Injection in the target, it displays the vulnerable link in the terminal.

Here you can see that viSQL started the crawl process on our destination site and found many sites that may be vulnerable to SQL Injection attacks.

After the scan is complete, viSQL starts the SQLi scanning process which lists all the vulnerable SQL URLs as you can see below.

Now save this link and then start doing SQL injection manually through the browser or automatically, using SQLMAP or HAVIJ.

* SQLMAP is for Linux users and HAVIJ is for Windows users.

Securing web applications against SQL Injection

You need to follow some security rules to prevent SQL Injection attacks.

Restrict database users' rights, because successful SQL attacks operate with the database user's credentials.

Although restrictive permissions may not prevent SQL attacks, they make the attacks more difficult to carry out.

Do not grant users access to all stored procedures on the system if they need to access only a few.

Written by Anastasis Vasileiadis
