A Technical Review of SQL Injection Tools and Methods: A Case Study of SQLMap
Keywords:
SQL Injection, SQLMap, SQL Tools, Blind Injection, Website Vulnerabilities
Abstract
SQL injection is considered one of the most dangerous threats to websites and databases; the vulnerability enables an attacker to access the website and its databases. With that access, the attacker may change or steal the data, or destroy the database entirely. Currently, with implementations of sqlmap in the literature being scarce and limited, SQL injection detection tools and methods are used without any detailed analysis of their strengths and weaknesses. This paper demonstrates different types of SQL injection with an example and explains how SQL injection is detected. It presents the important tools that enable the detection of these attacks in order to prevent SQL injection, and compares them according to the important performance parameters. Finally, the paper implements the most important of these tools, sqlmap, on an ethical and legal website. The implementation results reveal access to the database and the extraction of the username and password.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Under this license, the audience must give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.