Question

SQLmap • A numbered step-by-step explanation of the attack (screenshots may help)...

SQLmap

• A numbered step-by-step explanation of the attack (screenshots may help). The explanation should be of the level that any passing student of this class could replicate the attack with a few hours' work.

• A brief summary of any theory (technical theory, security principles, etc.) that might be relevant to the attack.

• Supply a brief explanation of how the attack works.

Answer #1

sqlmap is an open source tool. It is used for automating the task of detecting and exploiting SQL injection flaws in web applications.

It supports the following database management systems:
MySQL, MS SQL Server, Sybase, MS Access, Oracle, etc.


Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.

Example 1


Consider the following php code segment:

$variable = $_POST['input'];
mysql_query("INSERT INTO `table` (`column`) VALUES ('$variable')");

INSTALL SQLMAP AND LET US START USING THE BELOW

SYNTAX TO SHOW SQLMAP HELP

python sqlmap.py --help


GENERAL SYNTAX

python sqlmap.py -u "http(s)://target[:port]/[...]/[page]?param=val[&...]"

python sqlmap.py -u "http://127.0.0.1:8080/groups/productsCatalouge.php?category=1"

EXTRACTING DATA FROM DATABASES
RECOVER SESSION USER USING SQLMAP.
--current-user

DETECT CURRENT DATABASE USING SQLMAP.
--current-db

FIND OUT IF SESSION USER IS DATABASE ADMINISTRATOR USING SQLMAP.
--is-dba

LIST DATABASE SYSTEM USERS USING SQLMAP.
--users

LIST DATABASES USING SQLMAP.
--dbs
Enume

Once you inject into the database using the above queries, you can get whatever data you want. This is how we can inject into a database and alter data.
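The PHP snippet in the answer above builds its INSERT by pasting the posted value into the SQL text. As an added example (not part of the original answer), the script below puts that pattern beside a prepared-statement version and runs two constructed values through both. It assumes PHP 8 with the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL, and the function names are hypothetical.

```php
<?php
// Same pattern as the answer's snippet: the value becomes part of the SQL text,
// so a quote inside it ends the string literal and the rest is parsed as SQL.
function insert_concatenated(PDO $pdo, string $variable): void
{
    $pdo->exec("INSERT INTO \"table\" (\"column\") VALUES ('$variable')");
}

// Hardened form: the statement text is fixed and the value is a bound parameter,
// so the driver never interprets it as SQL.
function insert_prepared(PDO $pdo, string $variable): void
{
    $stmt = $pdo->prepare('INSERT INTO "table" ("column") VALUES (:value)');
    $stmt->execute([':value' => $variable]);
}

// Runs one insert function against a fresh in-memory database (assumption:
// SQLite replaces MySQL so the script works offline) and returns what was stored.
function stored_after(callable $insert, string $value): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE "table" ("column" TEXT)');
    try {
        $insert($pdo, $value);
    } catch (PDOException $e) {
        return ['<statement failed to parse>'];
    }
    return $pdo->query('SELECT "column" FROM "table" ORDER BY rowid')
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed values: an ordinary surname with an apostrophe, and a value whose
// quote and parenthesis change the shape of the VALUES clause.
$samples = ["O'Brien", "a'), ('b"];

foreach ($samples as $value) {
    echo json_encode([
        'input'        => $value,
        'concatenated' => stored_after('insert_concatenated', $value),
        'prepared'     => stored_after('insert_prepared', $value),
    ]), "\n";
}
```

With the concatenated form, the first value makes the statement fail to parse and the second is stored as two rows; with the prepared form, each value is stored as one row exactly as submitted.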
