Exploring SQL Injection: Pentesting Insights

Oct 5, 2024

Penetration Testing Diaries - Episode 1: SQL Injection

Overview of the Series

  • New weekly series exploring penetration testing (pentesting) techniques and tools.
  • Aim to demystify pentesting techniques and provide a deeper understanding of attacks.
  • Share personal knowledge and experiences as a penetration tester.
  • Realistic view of pentesting through practical labs.

Cyber Ranges Platform

  • Introduction to the platform for practical labs: Cyber Ranges.
  • Cyber ranges offer a more advanced version of online virtual lab platforms (e.g., Hack The Box, TryHackMe).
  • Purpose: Provide experiential knowledge needed for proficiency in cybersecurity roles.
  • Labs can be used directly from the browser; no need to set up your own environment.
  • Free to use with registration required.

Episode Focus: SQL Injection

  • Objectives of the episode: Explaining SQL injection and its implications.

What is SQL Injection?

  • A type of code injection attack that exploits web applications which build SQL statements from unvalidated user input.
  • SQL (Structured Query Language) is used with relational databases (e.g., MySQL, PostgreSQL).
  • To test for SQL injection vulnerabilities, the web application must be using a relational database.

Identifying Injection Points

  • Look for areas in the application for input (e.g., login forms, URL parameters).
  • Check for unfiltered inputs where SQL statements can be injected.
  • Common starting point: Testing the ID parameter in URLs.

Types of SQL Injection Attacks

  1. Error-based SQL Injection
    • Attackers exploit error messages returned by the database to gain information about its structure.
  2. Union-based SQL Injection
    • Uses the UNION operator to append the results of an attacker-supplied SELECT to the results of the application's own query.
  3. Blind SQL Injection
    • Attackers do not see error messages; they infer information from differences in the application's responses (two types):
    • Boolean-based Blind - Injects conditional expressions and reads the true/false outcome from the response content.
    • Time-based Blind - Injects a delay so that the response time reveals whether the injected condition was evaluated.

Demonstration: SQL Injection Lab

  • Using a sample web application and performing an Nmap scan to identify services running.
  • Experimenting with SQL injection by manipulating the ID parameter in the URL.
  • Using SQLMap to automate SQL injection testing.
    • SQLMap identifies the database management system (DBMS) and tests the parameter for injection.
    • Lists databases and tables within the identified DBMS.

Practical Steps Taken

  • Connected to target web server, navigated through the website.
  • Manipulated URL by changing ID values to determine response behavior.
  • Confirmed vulnerability by injecting single quotes to trigger errors.
  • Explored SQLMap’s functionalities, extracting and dumping data from the targeted database.
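The following is an added Python example, not code from the episode or the Cyber Ranges lab. It contrasts a query built by string concatenation on the ID parameter with its parameterized form, using a constructed in-memory SQLite table, and shows why the single-quote probe from the lab produces a database error on one and is handled as plain data on the other.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the lab's product database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "lamp"), (2, "chair")])
    return conn

def lookup_vulnerable(conn, product_id):
    """The weak pattern: the URL parameter is pasted into the SQL text,
    so the database parses whatever the user typed as part of the statement."""
    query = f"SELECT name FROM products WHERE id = '{product_id}'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, product_id):
    """The fix: the value is bound as a parameter and never parsed as SQL."""
    return conn.execute("SELECT name FROM products WHERE id = ?",
                        (product_id,)).fetchall()

def probe(lookup, product_id):
    """Run one lookup against a fresh database and report how it behaved:
    ('ok', rows) or ('error', message). A database error on a single quote
    is the error-based symptom the lab confirms by hand."""
    conn = make_db()
    try:
        return ("ok", lookup(conn, product_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    for value in ("2", "1'"):
        print("vulnerable   ", repr(value), probe(lookup_vulnerable, value))
        print("parameterized", repr(value), probe(lookup_parameterized, value))
```

A real application would add input validation (for example, rejecting a non-numeric ID before querying) on top of parameterization, but the bound parameter alone is what stops the quote from changing the statement's structure.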

Conclusion and Future Content

  • Encouragement to provide feedback and suggestions for future videos.
  • Future episodes will build on concepts from the current episode.
  • Emphasis on sharing more labs and learning materials through Cyber Ranges.

Call to Action

  • Viewers encouraged to check out Cyber Ranges for practical labs.
  • Viewers should leave feedback and suggestions for future episode topics.