Detecting and Exploiting SQL Injection Vulnerabilities in website

Introduction

We’ll use Docker to deploy DVWA on your computer, then use SQLMap to detect and exploit the SQL injection vulnerability in the deployed application.

Requirements:

  • Docker
  • Web-DVWA
  • SQLMAP

Docker install:

These commands install Docker from the Ubuntu repositories, enable the service, and add your user to the docker group so you can run docker without sudo:

sudo apt update
sudo apt install -y docker.io
sudo systemctl enable docker --now
docker
sudo usermod -aG docker $USER
newgrp docker

Now let’s deploy DVWA (Damn Vulnerable Web Application). It is designed for security professionals and enthusiasts to practice common web vulnerabilities in a legal and controlled environment. DVWA provides a platform to learn about and test various security issues, such as SQL injection, Cross-Site Scripting (XSS), and more.

DVWA Deploy:

docker run --rm -it -p 80:80 vulnerables/web-dvwa

  • docker run: This command is used to run a Docker container.
  • --rm: This flag specifies that the container should be removed automatically when it exits.
  • -it: This flag stands for “interactive” and “tty”. It allows you to interact with the container’s command line.
  • -p 80:80: This flag maps port 80 of the container to port 80 of the host system. This means that any traffic directed to port 80 on the host will be forwarded to port 80 within the container.
  • vulnerables/web-dvwa: This is the name of the Docker image to be used. In this case, it pulls the image named “web-dvwa” from the “vulnerables” repository.

Docker commands:

These are a few commands that help manage the container created from the image: listing it, opening a shell inside it, stopping and removing it, or deleting the image itself.

docker container ls                   # list running containers
docker exec -it [container-id] bash   # open a shell inside a running container
sudo docker rmi vulnerables/web-dvwa  # delete the image from local storage
docker stop [container-id]            # stop a running container
docker rm [container-id]              # remove a stopped container

Let’s Start with the Exploiting

Here is the command used for these examples.

sqlmap -u (url) --cookie="PH=VALUE; security=low" --tables

Explanation:

  • sqlmap: This is the command used to execute SQLMap, a popular tool for automated detection and exploitation of SQL injection vulnerabilities.
  • -u "URL": This flag specifies the target URL where you suspect a SQL injection vulnerability. Replace "URL" with the actual URL of the target website, for example: -u "<http://192.168.136.131/sqlmap/mysql/get_int.php?id=1>".
  • --cookie="cookies": This flag is used to maintain session state by passing cookies to the server. Replace "cookies" with the actual cookie string. For example, --cookie="PHPSESSID=abcdef1234567890".
  • --tables: This flag tells SQLMap to enumerate the tables of the database it has detected. SQLMap will list all the tables it can reach through the injection.
sqlmap -u (url) --cookie="PH=VALUE; security=low" --schema --batch

  • --schema: This option tells SQLMap to enumerate the database schema after successfully exploiting it. The database schema typically includes table names, columns, and possibly other database objects.
  • --batch: This option makes SQLMap run in batch mode, meaning it will automatically select the default option for any prompts or questions, without requiring user interaction. This is useful for automation purposes where you don’t want to manually intervene in the process.

sqlmap -u (url) --cookie="PH=VALUE; security=low" --columns -T users --batch

  • --columns: This option instructs SQLMap to enumerate the columns of the specified database table. It works in conjunction with the -T option to specify the table and, optionally, the -D option to specify the database.
  • -T users: This option specifies the table whose columns are enumerated (here users). -D DATABASE would name the database the table lives in; replace DATABASE with the actual database name.

sqlmap -u (url) --cookie="PH=VALUE; security=low" --dump -T users --batch

  • --dump: This option tells SQLMap to dump the contents of the specified table(s) after enumerating the columns. It retrieves the data from the database table(s) and displays it.
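On the defensive side, an sqlmap run like the one above leaves a recognisable trail in the web server’s access log. The following Python script is added here as an example and is not part of the original post, nor code from sqlmap or DVWA: it parses constructed Apache combined-format log lines and flags requests that carry sqlmap’s default User-Agent or the payload shapes its enumeration relies on. The DVWA path, IPs, timestamps and the sqlmap version string are assumed sample values.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache combined-format log lines imitating an sqlmap run against
# DVWA's SQLi page; IPs, times and the version string are made-up sample values.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4123 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/122.0"
10.0.0.9 - - [12/Mar/2024:10:02:15 +0000] "GET /vulnerabilities/sqli/?id=1%27%20AND%201%3D1%20--%20&Submit=Submit HTTP/1.1" 200 4123 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.0.0.9 - - [12/Mar/2024:10:02:16 +0000] "GET /vulnerabilities/sqli/?id=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20&Submit=Submit HTTP/1.1" 200 5210 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"
10.0.0.9 - - [12/Mar/2024:10:02:17 +0000] "GET /vulnerabilities/sqli/?id=1%27%20AND%20SLEEP%285%29--%20&Submit=Submit HTTP/1.1" 200 4123 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"
10.0.0.5 - - [12/Mar/2024:10:03:00 +0000] "GET /vulnerabilities/sqli/?id=O%27Brien&Submit=Submit HTTP/1.1" 200 4123 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/122.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Payload shapes used by union, boolean and time-based enumeration, matched on
# the URL-decoded query string. A lone apostrophe (O'Brien) is not enough to flag.
INJECTION_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("boolean-tautology", re.compile(r"['\")]\s*(and|or)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I)),
    ("time-based", re.compile(r"\b(sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("comment-terminator", re.compile(r"(--|#)\s*(&|$)")),
]

def analyze_log(text: str) -> list[dict]:
    """Return one finding per suspicious request: source IP, decoded path, reasons."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        reasons = []
        # sqlmap's default User-Agent names the tool; the payload checks below
        # still apply when a run does not identify itself this way.
        if m["ua"].lower().startswith("sqlmap"):
            reasons.append("sqlmap-user-agent")
        # Decode twice: payloads arrive URL-encoded and may be encoded again.
        decoded = unquote_plus(unquote_plus(m["path"]))
        reasons += [name for name, pat in INJECTION_PATTERNS if pat.search(decoded)]
        if reasons:
            findings.append({"ip": m["ip"], "path": decoded, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f["ip"], ",".join(f["reasons"]), f["path"])
```

Run against the five constructed lines it flags only the three requests from 10.0.0.9, and the legitimate request containing an apostrophe in a name is left alone.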
This post is licensed under CC BY 4.0 by the author.