Nmap: check for SQL injection vulnerability


Source: https://nmap.org/nsedoc/scripts/http-sql-injection.html


File http-sql-injection

Script types: portrule
Categories: intrusive, vuln
Download: http://nmap.org/svn/scripts/http-sql-injection.nse 


Usage

Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack. It also extracts forms from found websites and tries to identify fields that are vulnerable.

The script spiders an HTTP server looking for URLs containing queries. It then combines crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack. This uses only the most basic form of SQL injection; anything more complicated is better suited to a standalone tool.

We may not have access to the target web server's true hostname, which can prevent access to virtually hosted sites.


Example Usage

nmap -sV --script=http-sql-injection <target>

Example Output

PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-sql-injection:
|   Possible sqli for queries:
|     http://foo.pl/forms/page.php?param=13'%20OR%20sqlspider
|   Possible sqli for forms:
|     Form at path: /forms/f1.html, form's action: a1/check1.php. Fields that might be vulnerable:
|       f1text
|     Form at path: /forms/a1/../f2.html, form's action: a1/check2.php. Fields that might be vulnerable:
|_      f2text
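
For defenders, the probe marker visible in the sample output above (`' OR sqlspider`) can be searched for in web server access logs to find requests made by this script. The following is an added example, not part of the original page or of Nmap; the combined log format, the sample log lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Probe marker as it appears (URL-encoded) in the sample output: ' OR sqlspider
MARKER = re.compile(r"'\s*or\s+sqlspider", re.IGNORECASE)

# Assumed log format: Apache/Nginx "combined" access log.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /forms/page.php?param=13'%20OR%20sqlspider HTTP/1.1" 500 512 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:01:03 +0000] "GET /forms/page.php?param=13%2527%2520OR%2520sqlspider HTTP/1.1" 200 2048 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:01:04 +0000] "GET /forms/page.php?param=13 HTTP/1.1" 200 2048 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:01:05 +0000] "GET /search?q=13%27+or+SQLSPIDER HTTP/1.1" 404 196 "-" "-"
""".splitlines()

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded probes are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_probes(lines):
    """Return one record per log line whose request target carries the marker."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and MARKER.search(decode_fully(m.group("target"))):
            hits.append({"ip": m.group("ip"), "time": m.group("time"),
                         "path": m.group("target").split("?", 1)[0],
                         "status": int(m.group("status"))})
    return hits

def paths_by_source(hits):
    """Group probed paths per client IP for triage."""
    grouped = {}
    for hit in hits:
        grouped.setdefault(hit["ip"], set()).add(hit["path"])
    return {ip: sorted(paths) for ip, paths in grouped.items()}

if __name__ == "__main__":
    for ip, paths in paths_by_source(find_probes(SAMPLE_LOG)).items():
        print(ip, paths)
```

Access logs in this format record only the request line, so a probe sent in a request body is not visible to this check; it covers the query-string case shown in the sample output.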