Using sqlmap to discover SQL vulnerabilities
The Tester
SQL injection is a big problem on the Internet. The handy sqlmap utility will tell you if you need to worry about an SQL attack in your own web environment.
SQL injection is one of the most common forms of network intrusion. An SQL injection attack typically exploits a problem in the SQL code – for instance, incorrect filtering for string literal escape characters or insufficient type checking. If you watch the Common Vulnerabilities and Exposures website [1], you'll see that new SQL injection attacks are discovered every week.
Software developers and Linux distribution maintainers are constantly watching for new SQL injection problems, which are often fixed through a security patch. However, many potential problems fall through the cracks – either on the development side or because a busy webmaster doesn't have time to install every patch and upgrade every system.
More importantly, some attack vectors haven't been discovered or adapted yet, so even if you do your best to keep your own systems up to date, it is still a good idea to look for potential problems yourself.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia