Using sqlmap to discover SQL vulnerabilities

Identifying Users

The command in Listing 3 reveals the tables that are present in the information database. The query reveals 65 tables (line 48; the output is abbreviated for clarity). At this point, an attacker would probably focus on the USER_PRIVILEGES table to look for possible privilege escalation opportunities. A pen tester must think like an attacker, so the next step is to run sqlmap with the --columns option to look for the names of the columns associated with the USER_PRIVILEGES table (Listing 4).

Listing 3

Discovering the Tables

 

Listing 4

Critical Columns

 

The most interesting column in the USER_PRIVILEGES table is the GRANTEE column, which appears to list the users who are granted privileges. A dump of the GRANTEE column shows one entry called admin (Listing 5).

Listing 5

Dumping Column Entries

 

It's a Wrap

At this point, it's pretty obvious that any and all of the data is vulnerable. You (or worse yet, a hacker) could go about dumping the contents of the credit card table, as well as any other tables of interest.

Sqlmap lets you search for SQL vulnerabilities without having to have specific knowledge about SQL versions and version vulnerabilities. If you are serious about protecting your online SQL resources, you would be wise to keep a tool like sqlmap in your pen test toolkit.
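The enumeration walked through above leaves traces in the web server's access log. This is an added example, not code from the article or from the sqlmap project: it flags requests that carry sqlmap's default User-Agent or that reference the metadata names used in the listings. It assumes the "information database" is MySQL's information_schema and that logs are in combined log format; the log lines, addresses, and /item.php path are constructed.

```python
import re
from urllib.parse import unquote_plus

# Metadata names the article's enumeration touches, plus the schema that holds
# them in MySQL (assumption: the target database is MySQL's information_schema).
METADATA_RE = re.compile(r"information_schema|user_privileges|grantee", re.I)
# sqlmap names itself in the User-Agent unless the tester overrides it.
SQLMAP_UA_RE = re.compile(r"\bsqlmap/", re.I)
# Combined log format: ip - - [time] "METHOD url PROTO" status size "ref" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def decode(url, rounds=3):
    """URL-decode repeatedly so double-encoded requests are still matched."""
    for _ in range(rounds):
        decoded = unquote_plus(url)
        if decoded == url:
            break
        url = decoded
    return url

def scan(lines):
    """Return {client_ip: set of reasons} for requests that look like enumeration."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        reasons = {"metadata:" + h.lower() for h in METADATA_RE.findall(decode(m["url"]))}
        if SQLMAP_UA_RE.search(m["agent"]):
            reasons.add("sqlmap-user-agent")
        if reasons:
            findings.setdefault(m["ip"], set()).update(reasons)
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical /item.php).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /item.php?id=7 HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /item.php?id=7 HTTP/1.1" '
    '200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /item.php?id=7%20UNION%20SELECT'
    '%20GRANTEE%20FROM%20information_schema.USER_PRIVILEGES HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /item.php?id=7%2520FROM%2520'
    'information%255Fschema.tables HTTP/1.1" 200 512 "-" "curl/8.0"',
]
```

A changed User-Agent defeats the first check, so the metadata-name match on the decoded URL is the more durable signal; neither sees payloads sent in POST bodies, which access logs do not record.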

