Using SQLMAP to Detect SQLI Vulnerabilities

  • Almadhy, Waad (Department of Computer Science, College of Computer and Information Sciences, Jouf University)
  • Alruwaili, Amal (Department of Computer Science, College of Computer and Information Sciences, Jouf University)
  • Hendaoui, Saloua (Department of Computer Science, College of Computer and Information Sciences, Jouf University)
  • Received : 2021.12.05
  • Published : 2022.01.30

Abstract

Cyber security is one of the most discussed topics when it comes to web applications and how to protect them and their databases. SQLI is one of the most widely used and widespread techniques among hackers. In this research, we touched on the concept of SQLI and its different types, and then we detected a SQLI vulnerability in a website using SQLMAP. Finally, we mentioned different ways to avoid and protect against SQLI.

Acknowledgement

The authors would like to thank the Deanship of Graduate Studies at Jouf University for funding and supporting this research through the initiative of DGS, Graduate Students Research Support (GSR) at Jouf University, Saudi Arabia.
