Wednesday, 3 April 2013

Web application SQL vulnerabilities testing

Experiment: given a web application hosted at localhost/perpustakaan, my job is to check for and penetrate the vulnerabilities of the system. To do it ethically, I use the OWASP Testing Guide as my reference.

First, let's do some information gathering. Append robots.txt to the end of the URL to find the hidden URLs of the website. The target URL is localhost/perpustakaan.



The results show the directories that are hidden from users. Now I will check each of them to see the contents of the folders.






Now let's focus on the folder "tampilan" and check the filenames containing the word "view". Click "anggota_view1.php" and the result is:



Gotcha! I am now logged in as an admin and I can edit or delete user data, just like an admin! Now I will try to get the admin password by editing one of the records and checking for SQL injection vulnerabilities using sqlmap.


./sqlmap.py -u http://localhost/perpustakaan/proses/anggota_update1.php?id=301 --dbs



From sqlmap I know that the URL is vulnerable to SQL injection, and I get information about the available databases. I choose the "sips" database, which looks connected to the target. I will dump the tables using sqlmap.


I got the table list. Now I will dump the "anggota" and "pegawai" tables.

./sqlmap.py -u http://localhost/perpustakaan/proses/anggota_update1.php?id=301 -T anggota,pegawai --dump





Voila! I got the username and password lists of the users and admins. I can use one of the lists to log in to the system :)
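
For the fix side of these two findings (an admin page that opens without a login, and an injectable id parameter), here is an added example that is not part of the original post or the application's code: a handler that checks the session before doing anything and binds id as an integer parameter. The session key, the column names, the in-memory SQLite database and the sample rows are assumptions made for the demonstration; only the table name "anggota" comes from the post.

```php
<?php
declare(strict_types=1);
// Added example, not the application's code. Session key 'role', columns
// 'id'/'nama' and the SQLite demo database are assumptions.

function require_admin(array $session): void {
    // Every page under the admin area must run this check before any output.
    if (($session['role'] ?? null) !== 'admin') {
        throw new RuntimeException('403: admin login required');
    }
}

function parse_id(mixed $raw): int {
    // Accept only a plain positive integer; anything else is rejected outright.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) throw new InvalidArgumentException('400: invalid id');
    return $id;
}

function update_anggota(PDO $db, array $session, mixed $rawId, string $nama): int {
    require_admin($session);
    $id = parse_id($rawId);
    // Typical string-built pattern this replaces (assumed; the source is not shown):
    //   $db->query("UPDATE anggota SET nama='$nama' WHERE id=$rawId");
    $stmt = $db->prepare('UPDATE anggota SET nama = :nama WHERE id = :id');
    $stmt->bindValue(':nama', $nama, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data, so the script runs offline with pdo_sqlite enabled.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE anggota (id INTEGER PRIMARY KEY, nama TEXT)');
$db->exec("INSERT INTO anggota VALUES (301, 'Budi'), (302, 'Sari')");
$cases = [
    [['role' => 'admin'], '301', 'Budi S.'],     // logged-in admin, valid id
    [[], '301', 'x'],                            // no session: forced browsing
    [['role' => 'admin'], '301 OR 1=1', 'x'],    // tampered id value
];
foreach ($cases as [$session, $id, $nama]) {
    try { echo update_anggota($db, $session, $id, $nama), " row(s) updated\n"; }
    catch (Exception $e) { echo get_class($e), ': ', $e->getMessage(), "\n"; }
}
```

Only the first case changes a row; the other two stop before any SQL is executed. Listing a directory in robots.txt does not protect it, so the session check has to live in every page under that directory.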






