SQL Injection Analysis, Detection, Exploitation and Report Generation
Keywords:
Anonymous, Cybercrime, Database, Security professional tool, SQL injection, Vulnerability
Abstract
In today’s modern world everything has become digital, and everything now depends on websites reached over the internet. Every
user depends on some application, and every application has a database. What if that database is vulnerable to exploitation,
typically through SQL injection? “SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL
statements are inserted into an entry field for execution.” Let’s say that you are auditing a web application and have found a web page that
accepts dynamic user-provided values via GET, POST or Cookie parameters or via the HTTP User-Agent request header. You now want to
test whether these are affected by a SQL injection vulnerability and, if so, exploit them to retrieve as much information as possible from the back-end
database management system, or even to access the underlying file system and operating system.
This work develops a SQL injection tool that detects and exploits such vulnerabilities and generates a report stating the level of vulnerability of the web application. It uses
Python as the platform and Tkinter as the framework for the GUI. The whole procedure will be automated with the help of this
tool, called “SQL-I AUTO”. An admin finder, dynamic IP changing (being anonymous) over the network, and information gathering on the
site owner will be additional features of this tool. SQL-I AUTO will 1) identify the vulnerable parameters; 2) identify which SQL
injection techniques can be used to exploit the vulnerable parameters; 3) fingerprint the back-end database management system; and 4)
provide IP-hiding facilities over the network.