Discover SQL Injection on a Web Server

A SQL Injection occurs when an application uses user-supplied data to build an SQL statement without first validating that input, and then submits the statement to a database server for execution.

When successfully exploited, a SQL Injection attack can give an attacker access to the contents of the database, run system commands remotely, and in some cases, take control of the server that hosts the database.

How serious it is depends on where the flaw sits in the code, how easy the bug is to exploit, and what access the application's database account has.

In theory an SQL Injection attack could be performed against any type of application, but it is most commonly associated with web applications because they are the most exposed to it.

Test procedure

Replace the value of each parameter with a single quote (') and an SQL keyword such as WHERE. Test each parameter separately: while testing one parameter, leave all the other parameters with their valid data unchanged.
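The following Python script is an added example, not code from the original article or from the viSQL project. It implements the procedure above for checking your own application's parameters: it takes a URL, replaces one query parameter at a time with the single-quote/keyword probes while leaving the others unchanged, and then classifies the response bodies by looking for database error messages that commonly leak into a page. The sample URL and the response bodies are constructed so that the script runs offline; the error patterns are common error strings of MySQL, PostgreSQL, Oracle, MS SQL Server and SQLite.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Probe values from the procedure above: a single quote and an SQL keyword,
# used alone and together.
PROBES = ["'", "WHERE", "' WHERE"]

# Database error messages that commonly surface in a page when a probe
# broke the statement (MySQL, PostgreSQL, Oracle, MS SQL Server, SQLite).
SQL_ERROR_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"you have an error in your sql syntax",
        r"warning: mysql",
        r"unterminated quoted string",
        r"ORA-\d{5}",
        r"microsoft ole db provider for sql server",
        r"unclosed quotation mark",
        r"sqlite3?\.(OperationalError|Error)",
        r"unrecognized token",
    )
]


def probe_variants(url, probes=PROBES):
    """Return (parameter, probe, mutated_url) triples.

    Each query parameter is replaced by each probe in turn; every other
    parameter keeps its original, valid value, as the procedure requires.
    """
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    variants = []
    for index, (name, _original) in enumerate(params):
        for probe in probes:
            mutated = list(params)
            mutated[index] = (name, probe)
            new_url = urlunsplit(parts._replace(query=urlencode(mutated)))
            variants.append((name, probe, new_url))
    return variants


def looks_like_sql_error(body):
    """Return the matched pattern if the response body leaks a DB error, else None."""
    for pattern in SQL_ERROR_PATTERNS:
        if pattern.search(body):
            return pattern.pattern
    return None


def classify_responses(url, responses, probes=PROBES):
    """Given a mapping mutated_url -> response body, list the parameters whose
    probe produced a database error. The caller supplies the bodies, so this
    runs offline; a real check would fetch each mutated URL of its own site."""
    findings = []
    for name, probe, mutated_url in probe_variants(url, probes):
        match = looks_like_sql_error(responses.get(mutated_url, ""))
        if match:
            findings.append((name, probe, match))
    return findings


# Constructed sample: two parameters, only "id" breaks the query.
SAMPLE_URL = "http://shop.example/item?id=5&cat=2"
SAMPLE_RESPONSES = {
    variant[2]: ("You have an error in your SQL syntax; check the manual"
                 if variant[0] == "id" else "<h1>Item not found</h1>")
    for variant in probe_variants(SAMPLE_URL)
}

if __name__ == "__main__":
    for finding in classify_responses(SAMPLE_URL, SAMPLE_RESPONSES):
        print("parameter %r, probe %r matched %s" % finding)
```

Run as a script it reports the `id` parameter once per probe and stays silent for `cat`, which is exactly the one-parameter-at-a-time signal the procedure looks for; an error leaked into a page is a finding to fix (parameterized queries and error handling), not only a scanner hit.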

Today we will learn another scanning tool, a SQL Injection vulnerability scanner similar to the most popular tool of its kind to date.

viSQL is a SQL Injection vulnerability scanner that scans not only the target URL but the entire server, by performing a reverse IP domain lookup.

This lets you easily check for SQL vulnerabilities not only in the URL itself but on all sites hosted on the same server.

Installing viSQL on Kali Linux

To install viSQL, enter "git clone https://github.com/blackvkng/viSQL.git" at your terminal.

The above command automatically creates a folder named "viSQL" in the directory where you run it. To display all its files, type "cd viSQL && ls" at your terminal.

The second installation method is to download the file installer.py with wget and then run installer.py, using the commands below.

Command: wget https://raw.githubusercontent.com/blackvkng/viSQL/master/installer.py
Command: sudo python2 installer.py

After that, to run viSQL, just type "python viSQL.py -h", which shows the help menu of the viSQL tool.

To scan a website using viSQL, type "python viSQL.py -t www.example.com".

Now let viSQL do its job. viSQL will first do a reverse IP lookup to list the domains hosted on the target IP, and then crawl each site to find a vulnerable SQL parameter. If viSQL finds any potential SQL Injection in the target, it displays the vulnerable link in the terminal.

Here you can see that viSQL started the crawling process on our target site and found many sites that may be vulnerable to SQL Injection attacks.

After the crawl is complete, viSQL starts the SQLi scanning process, which lists all the vulnerable SQL URLs as you can see below.

Now take this link and test it for SQL injection, either manually through the browser or automatically, using SQLMAP or HAVIJ.

* SQLMAP is for Linux users and HAVIJ is for Windows users.

Securing web applications against SQL Injection

You need to follow some security rules to prevent SQL Injection attacks.

Restrict database users' rights, because a successful SQL attack runs with the credentials of the database user the application connects as.

Although restrictive permissions may not prevent SQL attacks, they make the attacks harder to carry out.

Do not grant users access to all stored procedures on the system if they only need to access a few.
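The following Python example is added here and is not code from the original article or the viSQL project. It puts the flaw described at the top of the article beside its fixes: a lookup that pastes the user's value into the SQL text, the same lookup with parameter binding, a variant that additionally validates the input, and a connection restricted to reads as a stand-in for the least-privilege database account recommended above. The database is a constructed in-memory SQLite table; because SQLite has no GRANT, the read-only restriction is simulated with PRAGMA query_only, which is an assumption of this example and not a replacement for real account permissions on a database server. The probe value is the single quote plus keyword from the test procedure.

```python
import sqlite3


def setup_db():
    """Constructed sample database (in-memory SQLite) standing in for the
    application's real database server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "keyboard", 25.0), (2, "mouse", 12.5), (3, "monitor", 140.0)])
    conn.commit()
    return conn


def lookup_vulnerable(conn, product_id):
    """The flaw described in the article: the user's value is pasted into the
    SQL text, so a single quote in the input changes the statement itself."""
    sql = "SELECT name, price FROM products WHERE id = '" + product_id + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, product_id):
    """Parameter binding: the value travels to the database as data and is
    never parsed as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT name, price FROM products WHERE id = ?", (product_id,)
    ).fetchall()


def lookup_validated(conn, product_id):
    """Input validation as an extra layer: a product id must be digits only.
    Bad input is rejected before any SQL runs, and the query is still bound."""
    if not product_id.isdigit():
        raise ValueError("product id must be numeric")
    return lookup_safe(conn, product_id)


def restrict_connection(conn):
    """Stand-in for a least-privilege database account (assumption: SQLite has
    no GRANT, so query_only makes every write through this connection fail,
    the way a read-only DB user limits what an injected statement could do)."""
    conn.execute("PRAGMA query_only = ON")
    return conn


def update_price(conn, product_id):
    """A write the lookup path never needs; used only to show the restriction."""
    conn.execute("UPDATE products SET price = 0 WHERE id = ?", (product_id,))
    return conn.total_changes


def probe(handler, conn, value):
    """Run a handler with a value, as the test procedure does, and report the
    outcome as a tag plus rows or error text instead of raising."""
    try:
        return ("ok", handler(conn, value))
    except ValueError as exc:
        return ("rejected", str(exc))
    except sqlite3.Error as exc:
        return ("error", str(exc))


PROBE_VALUE = "5' WHERE"   # single quote plus SQL keyword, from the test procedure

if __name__ == "__main__":
    conn = setup_db()
    for label, handler in (("vulnerable", lookup_vulnerable),
                           ("safe", lookup_safe),
                           ("validated", lookup_validated)):
        print(label, "normal:", probe(handler, conn, "2"),
              "probe:", probe(handler, conn, PROBE_VALUE))
    restricted = restrict_connection(setup_db())
    print("write on restricted connection:", probe(update_price, restricted, "2"))
```

The vulnerable lookup answers the probe with a database error (the same signal a scanner such as viSQL reports), the bound query simply returns no rows, and the validated one never reaches the database. The restricted connection still serves normal lookups but refuses the UPDATE, which is the effect the rights restriction above is meant to have: even a successful injection can do no more than the application's own account is allowed to.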

iGuRu.gr - The Best Technology Site in Greece


Written by Anastasis Vasileiadis
