Share five famous SQL injection vulnerability scanning tools
A large number of modern enterprises adopt web applications to seamlessly connect with their customers, but due to incorrect coding, many security issues are caused. Vulnerabilities in web applications can allow hackers to gain direct access to sensitive information (such as personal data, login information, etc.).
Web applications allow visitors to submit data and retrieve data from a database over the Internet. The database is the heart of most web applications. The database maintains the data that the web application uses to deliver specific content to visitors. The web application also obtains data from the database when delivering information to customers and suppliers.
SQL injection attack is the most common web application attack technique, which attempts to bypass SQL commands. When the user input is not "sanitized", if this input is performed, it will exhibit a SQL injection vulnerability.
Checking for SQL injection vulnerabilities mainly involves two aspects, one is auditing the user's web application, and the other is the best way to perform the audit by using an automated SQL injection scanner. Here, the author lists some SQL injection scanners that are valuable to web application developers and professional security auditors.
1. SQLIer
SQLIer can find a URL with a SQL injection vulnerability on the website and generate SQL injection vulnerability based on the relevant information. , but it does not require user interaction. In this way, it can generate a UNION SELECT query, which can then brute force the database password. This program does not use quotes when exploiting the vulnerability, which means it can be adapted to a variety of websites.
SQLIer Strong password via "true/false" SQL injection vulnerability. With the help of the "true/false" SQL injection vulnerability strong password, users cannot query data from the database. They can only query a statement that can return "true" and "false" values.
According to statistics, an eight-character password (including any character in the decimal ASCII code) only takes about 1 minute to crack.
The usage syntax is as follows, sqlier [option] [URL]
The options are as follows:
-c :[主机] 清除主机的漏洞利用信息 -s :[秒]在网页请求之间等待的秒数 -u:[用户名]从数据库中强力攻击的用户名,用逗号隔开。 -w:[选项]将[选项]交由wget 此外,此程序还支持猜测字段名,有如下几种选择: --table-names [表格名称]:可进行猜测的表格名称,用逗号隔开。 --user-fields[用户字段]:可进行猜测的用户名字段名称,用逗号隔开。 --pass-fields [口令字段]:可进行猜测的口令字段名称,用逗号隔开。
Let’s talk about its basic usage:
For example, assume the following There is a SQL injection vulnerability in the URL:
example.com/sqlihole.php?id=1
We run the following command:
sqlier -s 10 example.com/sqlihole.php?id=1
to get enough information from the database to exploit its password , where the number "10" means to wait 10 seconds between each query.
If the table, username field, and password field names are guessed correctly, the exploit program will submit the username to the query and prepare to brute force attack the password from the database.
sqlier -s 10 example.com -u BCable,administrator,root,user4
However, if the built-in field/table name does not guess the correct field name, the user can execute:
sqlier -s 10 example.com --table-names [table_names] --user-fields [user_fields] --pass-fields [pass_fields]
Unless the correct table name, username field, and password are known field name, SQLIer cannot brute force attack the password from the database.
2. SQLMap:
This is an automatic "blind" SQL injection tool developed with python , which performs a dynamic database management system fingerprinting that enables complete enumeration of remote databases. The goal is to implement a fully functional database management system tool that is capable of exploiting all flaws in web application programming that can lead to SQL injection vulnerabilities.
After SQLMap detects one or more SQL injection vulnerabilities on the target system, the user can choose from multiple options to perform comprehensive back-end database management system fingerprinting and retrieve database management system sessions. Users and databases, enumerating users, password hashes, databases, running its own SQL SELECT statements, reading specific files on the file system, etc.
This software fully supports back-end database management systems such as MySQL, Oracle, PostgreSQL, and Microsoft SQL Server. In addition, it also recognizes Microsoft's Access database, as well as DB2, Informix, Sybase, Interbase, etc.
The usage method is as follows:
sqlmap.py [选项] {-u <URL> | -g <google dork> | -c <配置文件>}
其中,-u URL指明目标URL
-g google dork 将google dork结果处理为目标url3. SQLID:
This tool is a SQL injection vulnerability digger. is a command line utility that can find SQL injection vulnerabilities and common errors in websites. It can perform several operations: find SQL injection vulnerabilities in web pages, test submitted forms, and look for the possibility of SQL injection vulnerabilities. It also supports HTTP, HTTPS, Basic Authentication, and more.
Its usage is as follows:
Sqid.rb [Option]
The options are as follows:
-m,--mode MODE,它指明以某种模式进行操作,其中MODE有以下几种情况:g,google:以google搜索模式操作;u,url检查这个url;p,page,它主要检查单一的网页;c,crawl,检查站点。
Among them, the google search mode options are as follows In several cases, -q, --quary query, QUERY executes google search; -s, --start START, zero index of the first result required; -r, --results RESULTS, specify the required Number of results, default value is 20.
4. SQL Power Injector
SQL Power Injector可帮助渗透测试人员找到并利用网页上的漏洞。目前,它支持SQL Server、Oracle、MYSQL、Sybase/Adaptive Sever和DB2等数据库,但在使用inline注入时,还可借助现有的数据库管理系统来使用此软件。
其自动化的工作模式以两种方式进行,一是比较期望的结果,二是根据时间延迟。
其工作状态如图:
五、SQLNinja:
Sqlninja可以利用以SQL Server为后端数据支持的应用程序的漏洞,其主要目标是提供对有漏洞的数据库服务器的远程访问。Sqlninja的行为受到配置文件的控制,它告诉了Sqlninja攻击的目标和方式,还有一些命令行选项。比如,有如下一些命令选项:
-m<攻击模式>,其攻击模式有测试(test)、指纹识别(fingerprint)、强力攻击(bruteforce)等;
其它的命令选项,-v : 指明进行详细输出;-f:指明一个使用的配置文件。-w指明以强力攻击模式使用的单词列表。
如图是运行过程界面:
【相关推荐】
1. 特别推荐:“php程序员工具箱”V0.1版本下载
The above is the detailed content of Share five famous SQL injection vulnerability scanning tools. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What is the difference between HQL and SQL in Hibernate framework?
Apr 17, 2024 pm 02:57 PM
HQL and SQL are compared in the Hibernate framework: HQL (1. Object-oriented syntax, 2. Database-independent queries, 3. Type safety), while SQL directly operates the database (1. Database-independent standards, 2. Complex executable queries and data manipulation).
Usage of division operation in Oracle SQL
Mar 10, 2024 pm 03:06 PM
"Usage of Division Operation in OracleSQL" In OracleSQL, division operation is one of the common mathematical operations. During data query and processing, division operations can help us calculate the ratio between fields or derive the logical relationship between specific values. This article will introduce the usage of division operation in OracleSQL and provide specific code examples. 1. Two ways of division operations in OracleSQL In OracleSQL, division operations can be performed in two different ways.
Comparison and differences of SQL syntax between Oracle and DB2
Mar 11, 2024 pm 12:09 PM
Oracle and DB2 are two commonly used relational database management systems, each of which has its own unique SQL syntax and characteristics. This article will compare and differ between the SQL syntax of Oracle and DB2, and provide specific code examples. Database connection In Oracle, use the following statement to connect to the database: CONNECTusername/password@database. In DB2, the statement to connect to the database is as follows: CONNECTTOdataba
Detailed explanation of the Set tag function in MyBatis dynamic SQL tags
Feb 26, 2024 pm 07:48 PM
Interpretation of MyBatis dynamic SQL tags: Detailed explanation of Set tag usage MyBatis is an excellent persistence layer framework. It provides a wealth of dynamic SQL tags and can flexibly construct database operation statements. Among them, the Set tag is used to generate the SET clause in the UPDATE statement, which is very commonly used in update operations. This article will explain in detail the usage of the Set tag in MyBatis and demonstrate its functionality through specific code examples. What is Set tag Set tag is used in MyBati
What does the identity attribute in SQL mean?
Feb 19, 2024 am 11:24 AM
What is Identity in SQL? Specific code examples are needed. In SQL, Identity is a special data type used to generate auto-incrementing numbers. It is often used to uniquely identify each row of data in a table. The Identity column is often used in conjunction with the primary key column to ensure that each record has a unique identifier. This article will detail how to use Identity and some practical code examples. The basic way to use Identity is to use Identit when creating a table.
How to implement Springboot+Mybatis-plus without using SQL statements to add multiple tables
Jun 02, 2023 am 11:07 AM
When Springboot+Mybatis-plus does not use SQL statements to perform multi-table adding operations, the problems I encountered are decomposed by simulating thinking in the test environment: Create a BrandDTO object with parameters to simulate passing parameters to the background. We all know that it is extremely difficult to perform multi-table operations in Mybatis-plus. If you do not use tools such as Mybatis-plus-join, you can only configure the corresponding Mapper.xml file and configure The smelly and long ResultMap, and then write the corresponding sql statement. Although this method seems cumbersome, it is highly flexible and allows us to
How to solve the 5120 error in SQL
Mar 06, 2024 pm 04:33 PM
Solution: 1. Check whether the logged-in user has sufficient permissions to access or operate the database, and ensure that the user has the correct permissions; 2. Check whether the account of the SQL Server service has permission to access the specified file or folder, and ensure that the account Have sufficient permissions to read and write the file or folder; 3. Check whether the specified database file has been opened or locked by other processes, try to close or release the file, and rerun the query; 4. Try as administrator Run Management Studio as etc.
How to use SQL statements for data aggregation and statistics in MySQL?
Dec 17, 2023 am 08:41 AM
How to use SQL statements for data aggregation and statistics in MySQL? Data aggregation and statistics are very important steps when performing data analysis and statistics. As a powerful relational database management system, MySQL provides a wealth of aggregation and statistical functions, which can easily perform data aggregation and statistical operations. This article will introduce the method of using SQL statements to perform data aggregation and statistics in MySQL, and provide specific code examples. 1. Use the COUNT function for counting. The COUNT function is the most commonly used
