Sql map Manual Vulnerability Assessment

Information Security Asked by Badddy on December 20, 2020

I am trying to do penetration testing for one of my client.
The platform is Code ignitor.
There is an endpoint /find/1
The function queries the vehicle table where vehicle ID is 1 with no sanity check.

Now I tried Acunetix scanner and it found both blind SQL and normal SQL injection on the website.
I need to show my client there is actually a flaw so I used sqlmap with various options

Like I know the backend DB is mysql, —skip-WAF

Ok endpoint /find/1*
Which means to inject at positive of asterisk.

Sqlmap performed detail evaluation however couldn’t exploit the vulnerability. I did the risk and verbose to see the queries myself as well.

What I noticed that * is marked as non permitted character in config of code ignitor which prevents sqlmap from making select * from… etc queries.

My Question:

Shall I assume that the website is safe? Since I can see in the code that sanity check has not been performed on the “input data”.

One Answer

It depends on what you mean by "no sanity check" is performed on the input parameter. If this means that the application takes the parameter, concatenates it into a SQL query and sends it to the database, the application is vulnerable for sure. Only blocking * is not enough to protect against SQL injection.

Never assume the site is safe, if you have doubts about it! Even if you are not able to create a working exploit, you should recommend implementing database queries using prepared statements (or similar mechanisms). It is considered best practice and there is usually no reason not to use them.

Answered by Demento on December 20, 2020

Add your own answers!

Related Questions

Help in Suricata rule bitmask syntax problem

1  Asked on January 18, 2021 by khalid


Challenge-Response authentication and SSL

1  Asked on January 16, 2021 by thunderbolt


Network intrusion security warning in router logs

2  Asked on January 15, 2021 by helpme123


Securing Android Application API access

1  Asked on January 13, 2021 by a-android-ucg


Sqlmap and multipart/form-data forms

2  Asked on January 8, 2021 by brigante


Shared Text Content – XSS Safe

1  Asked on January 8, 2021 by newb-4-you-bb


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP