How to Find SQLMAP 2021 VULN Web
– Vuln or Vulnerability is a defect in the system/infrastructure that allows unauthorized access by exploiting the flaw in the system.
Meanwhile, SQLMAP is an open source penetration test tool that functions automatically to detect and exploit SQL injection flaws and master database server transfers.
In simple terms SQLMAP can also be interpreted as a tool that can detect and perform automatic exploitation of SQL Injection bugs.
SQL Injection is one of the old website exploits or hacking techniques that is still effective and capable today.
For the hacking technique used, usually the hacker will enter the codes in the database that has a gap to be injected.
So that hackers will get some important data from the web such as admin username and password.
Automatically hackers will be able to log in and take control of the website.
Discussion on How to Find SQLMAP VULN Web
If you are an admin and want to find loopholes or vulnerabilities in managed websites, then you can take advantage of NMAP.
Because NMAP has a feature called NSE (NMAP Script Engine) which is a collection of scripts for programming languages.
These scripts will be used to find weaknesses and find some important information on the website or server, for example http-sql-injection and others.
For more details, you can refer to the following review on how to search the SQLMAP VULN web.
How to Search SQLMAP VULN Web
How to Find SQLMAP VULN Web Using SQL Injection
How to Find SQLMAP VULN Web Using SQL Injection |
So that it can be used freely to search the VULN SQLMAP web using SQL Injection.
- Please open the SQL Injection web via the following link, Click here.
- Then write the following command:
nmap -T4 -sV –script http-sql-injection testphp.vulnweb.com -v
Information:
- nmap: Keyword to run the app
- -T4: This is a template provided by nmap so that the scanning process runs faster and optimally.
- -sV: To see the version of the application used on the host.
- –script: Command to run NSE script
- http-sql-injection: A script used to perform SQL Injection scanning.
- testphp.vulnweb.com: Target to be scanned.
- -v: A flag that allows you to see the scanning process in detail.
- After executing the command, it will display the following results:
root@TechnoArt:~# nmap -T4 -sV –script http-sql-injection testphp.vulnweb.com -v
Starting Nmap 7.40 ( https://nmap.org ) at 2021-05-20 21:27 WIB NSE: Loaded 41 scripts for scanning. NSE: Pre-scanning scripts. Initiating NSE at 21:27 Completed NSE at 21:27, 0.00s elapsed Initiating NSE at 21:27 Completed NSE at 21:27, 0.00s elapsed Initiating Ping Scan at 21:27 Scanning testphp.vulnweb.com (176.28.50.165) [4 ports] Completed Ping Scan at 21:27, 0.42s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 21:27 Completed Parallel DNS resolution of 1 host. at 21:27, 1.01s elapsed Initiating SYN Stealth Scan at 21:27 Scanning testphp.vulnweb.com (176.28.50.165) [1000 ports] Discovered open port 143/tcp on 176.28.50.165 Discovered open port 22/tcp on 176.28.50.165 Discovered open port 110/tcp on 176.28.50.165 Discovered open port 80/tcp on 176.28.50.165 Discovered open port 21/tcp on 176.28.50.165 Increasing send delay for 176.28.50.165 from 0 to 5 due to 78 out of 194 dropped probes since last increase. Increasing send delay for 176.28.50.165 from 5 to 10 due to 20 out of 49 dropped probes since last increase. Discovered open port 8443/tcp on 176.28.50.165 Discovered open port 465/tcp on 176.28.50.165 Warning: 176.28.50.165 giving up on port because retransmission cap hit (6). Completed SYN Stealth Scan at 21:28, 38.79s elapsed (1000 total ports) Initiating Service scan at 21:28 Scanning 12 services on testphp.vulnweb.com (176.28.50.165) Completed Service scan at 21:30, 138.10s elapsed ( 12 services on 1 host) NSE: Script scanning 176.28.50.165. Initiating NSE at 21:30 Completed NSE at 21:31, 27.47s elapsed Initiating NSE at 21:31 Completed NSE at 21:31, 1.08s elapsed Nmap scan report for testphp.vulnweb.com (176.28.50.165) Host is up ( 0.30s latency). rDNS record for 176.28.50.165: rs202995.rs.hosteurope.de Not shown: 981 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 1.3.3e 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0) 25/tcp open smtp Postfix smtpd 53/tcp filtered domain 80/tcp open http nginx 1.4.1 |_http-server-header: nginx/1.4.1 | http-sql-injection: | Possible sqli for queries:
| http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/AJAX/../showimage.php?file=%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/artists.php?artist=2%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/artists.php?artist=1%27%20OR%20sqlspider | http://testphp.vulnweb.com/artists.php?artist=3%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=1%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=4%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=3%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=2%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider |_ http://testphp.vulnweb.com/AJAX/../showimage.php?file=%27%20OR %20sqlspider
106/tcp open pop3pw poppassd 110/tcp open pop3 Courier pop3d 143/tcp open imap Plesk Courier imapd 417/tcp filtered onmux 465/tcp open ssl/smtp Postfix smtpd 993/tcp open ssl/imap Plesk open 995/imap /pop3 Courier pop3d 1102/tcp filtered adobeserver-1 1524/tcp filtered ingreslock 3128/tcp filtered squid-http 4000/tcp filtered remoteanything 7100/tcp filtered font-service 8080/tcp open http-proxy? 8443/tcp open http lighttpd |_http-server-header: sw-cp-server Service Info: Hosts: rs202995.rs.hosteurope.de, localhost.localdomain; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel NSE: Post-scanning script. Initiating NSE at 21:31 Completed NSE at 21:31, 0.00s elapsed Initiating NSE at 21:31 Completed NSE at 21:31, 0.00s elapsed Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 208.35 seconds Raw packets sent: 1791 (78.780KB) | Rcvd: 1379 (55,220KB) root@TechnoArt:~#
- Writing or code that is in bold (bold) and says spider is a web that is prone to SQL Injection attacks. You can prove it by copying one of the red links below.
http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/AJAX/../showimage.php?file=%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/artists.php?artist=2%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/artists.php?artist=1%27%20OR%20sqlspider | http://testphp.vulnweb.com/artists.php?artist=3%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=1%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=4%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=3%27%20OR%20sqlspider | http://testphp.vulnweb.com/listproducts.php?cat=2%27%20OR%20sqlspider | http://testphp.vulnweb.com/search.php?test=query%27%20OR%20sqlspider |_ http://testphp.vulnweb.com/AJAX/../showimage.php?file=%27%20OR %20sqlspider
- Then paste the link in one of the browsers on your device, just use Google Chrome. The website will automatically open as usual.
- Please add special characters like ‘ (quotes) at the end of the link and the result is as below.
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”’ at line 1 Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /hj/var/www/listproducts.php on line 74
Writing like the one above will appear on the website which indicates an error in SQL syntax and is prone to SQL attacks.
The final word
You can try some of the steps above to be able to see the SQLMAP VULN web on the website.
Make sure each step is done correctly for the process to be successful.
Because if it works, you can find out if the website is safe or vulnerable to hacker attacks.
That way, you can anticipate it quickly.
Post a Comment for "How to Find SQLMAP 2021 VULN Web"