Question

I ran SQLMAP to test SQL injection for one of the sites, and got the information below.

sqlmap identified the following injection points with a total of 78 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=666' AND 1737=1737 AND 'pQMi'='pQMi
---
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 1.1.4322, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005

I am not sure to what extent this site is vulnerable, given this much information?


Solution

First, sqlmap found the vulnerability in only 78 requests, meaning this wouldn't take long to discover, and injection-based attacks are the top threat in 2013. With this information the only limitations are the privileges set up by the database administrator, differences in SQL syntax, and the attacker's imagination. It is likely that it would be trivial to extract data and/or destroy data.

From OWASP:

SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind.

Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.

The bottom of the results shows other potentially exploitable information that could allow a more targeted attack. Programs such as Metasploit (packaged in SQLMAP) could then be used to target vulnerabilities in Microsoft SQL Server 2005, Windows Vista, and/or Microsoft IIS 7.0. If the attacker found they couldn't get to what they wanted due to their level of access in SQL Server, they could exploit MSSQL 2005 for user privilege escalation. Any piece of information that can be gained can be used for a different exploit path to gain access to or alter your data.

More Information about the type of problem you have

2013 top threats by OWASP

SQL Server 2005 Vulnerabilities

IIS 7.0 Vulnerabilities

OTHER TIPS

This information tells you that the website is probably vulnerable to blind SQL injection. Blind SQL injection gives you the ability to guess valid data from the database. You don't really get any response, but when you input invalid data the response will be different than when you input valid data; e.g. you will get a page-not-found message if the data is invalid. It is possible to guess character by character, so this is still a dangerous vulnerability.

With the possibility of a single SQL injection your entire DB becomes vulnerable. If tried carefully, data from your tables can also be deleted; other attacks could be random data updates, or querying information that should not be accessible by default. SQL injection has the potential to cause more damage than XSS attacks, so in every case it should be avoided.

On the better side, this kind of attack is the easiest to avoid. You should only cautiously avoid ever creating or making use of dynamic SQL queries. Best practice would be to use stored procedures, and any inputs should be passed as parameters to the procedures.

Here is a link you should refer to for further details: this MSDN link

First, the server is sending information through exceptions about the:

1) type of server
2) version of application server
3) database software and version
4) And most important, the SQL can be manipulated by passing a malicious string, and it is vulnerable to blind SQL injection.

Validate and sanitize request parameters, and use parameterized SQL.
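As an added illustration of the parameterized-SQL advice in the last two answers (example code, not from the question or any answer), here is the page's own sqlmap payload run against an `id` lookup written with string concatenation and against the same lookup written with a bound parameter. The table, its rows and the use of sqlite3 in place of SQL Server 2005 are constructed assumptions for the demo; the concatenation flaw behaves the same on either DBMS.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for the site's "id" lookup.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("666", "widget"), ("667", "gadget")])
    return conn


def lookup_dynamic(conn, user_id):
    # Vulnerable pattern: the input is concatenated into the statement, so a
    # quote in the input moves from the data plane into the control plane
    # (the point the OWASP quote above makes).
    sql = "SELECT name FROM items WHERE id = '" + user_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, user_id):
    # Hardened pattern: the value is bound as a parameter, so the whole
    # string is compared literally against the id column.
    sql = "SELECT name FROM items WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


# The true-condition payload sqlmap reported, and its false-condition twin.
TRUE_PAYLOAD = "666' AND 1737=1737 AND 'pQMi'='pQMi"
FALSE_PAYLOAD = "666' AND 1737=1738 AND 'pQMi'='pQMi"


def blind_signal(lookup):
    """Return (rows for the true payload, rows for the false payload).

    A difference between the two is exactly the boolean-based blind signal
    sqlmap detected; identical results mean the input was treated as data.
    """
    conn = make_db()
    return lookup(conn, TRUE_PAYLOAD), lookup(conn, FALSE_PAYLOAD)


if __name__ == "__main__":
    print("dynamic SQL:   ", blind_signal(lookup_dynamic))        # (['widget'], [])
    print("parameterized: ", blind_signal(lookup_parameterized))  # ([], [])
```

With concatenation the true and false payloads return different rows, which is the observable difference the boolean-based blind technique relies on; with the bound parameter both return nothing because no row has that literal id.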

Licensed under: CC-BY-SA with attribution