Authors : Tanzila Hasan Pinky; Kaniz Ferdous; Jarin Tasnim; Kazi Shohaib Islam

Volume/Issue : Volume 9 - 2024, Issue 5 - May

Google Scholar : https://tinyurl.com/pe9fcvwb

Scribd : https://tinyurl.com/mtk6nj6y

DOI : https://doi.org/10.38124/ijisrt/IJISRT24MAY501

Abstract : SQL (Structured Query Language) injection represents a security weakness that enables attackers to run SQL commands within a web applications database. When exploiting a designed application lacking input validation a malicious actor can control input data to execute SQL queries. The objective of detecting SQL injection vulnerabilities is to identify any section of a web application to user input exploitation, for SQL injection attacks and confirm that the application adequately validates user inputs. The aim of this project is to try and form an attack chain and test the same against any website to assess the website for any weak links and identify any entry points that an attacker could use to penetrate the system and take control of the same. From the paper it is figured that most of the tools only check the vulnerability for the given URL and do not crawl through the webpages and find if the vulnerability is present in any of the other pages. In this project, we are taking the additional step to confirm that there are no vulnerabilities mentioned in this research present in any of the webpages.

Keywords : SQL Injection, SQL Queries, Vulnerabilities, Website, URL, Webpages.

References :

1. Alde Alanda, D. S. (September 2021). Web Application Penetration Testing Using SQL Injection. International Journal On Informatics Visualization, 320-326.
2. Shobana R, D. M. (2020). A Thorough Study On SQL Injection Attack-Detection And Prevention Techniques And Research Issues. Journal of Information and Computational Science, 135-143.
3. Bandi Aruna, B. U. (2020). SQLID Framework In Order To Perceive SQL Injection Attack on Web Application. ICRAEM.
4. GitHub. (n.d.). sqlmapproject. Retrieved from GitHub: https://github.com/sqlmapproject/sqlmap
5. Invicti. (n.d.). SQL Injection Cheat Sheet. Retrieved from Invicti: https://www.invicti.com/blog/web-security/sql-injection-cheat-sheet/
6. Chris Sullo, D. L. (n.d.). Nikto2. Retrieved from CIRT.net: https://cirt.net/Nikto2
7. Kali. (n.d.). dirbuster. Retrieved from Kali: https://www.kali.org/tools/dirbuster/
8. Malware Bytes. (n.d.). What is SQL Injection. Retrieved from Malware Bytes: https://www.malwarebytes.com/sql-injection
9. Wagner, R. (n.d.). How To Test for SQL Injections [Complete Guide]. Retrieved from Code Intelligence: https://www.code-intelligence.com/blog/how-to-test-for-sql-injections
10. Moradov, O. (2022, May 12). 5 SQL Injection Test Methods and Why to Automate Your Testing. Retrieved from Bright: https://brightsec.com/blog/sql-injection-test
11. nmap.org. (n.d.). Nmap: the Network Mapper. Retrieved from nmap.org: https://nmap.org/
12. Abdalla Hadabi, E. E. (March 2022). An Efficient Model to Detect and Prevent SQL Injection Attack. Journal of Karary University for Engineering and Science (JKUES), 141-146.
13. OWASP. (n.d.). SQL Injection | OWASP Foundation. Retrieved from OWASP: https://owasp.org/www-community/attacks/SQL_Injection
14. OWASP. (n.d.). WSTG - Latest | OWASP Foundation. Retrieved from OWASP: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection
15. Singh, S. (2022, July 07). Common SQL Injection Attacks. Retrieved from Pentest Tools: https://pentest-tools.com/blog/sql-injection-attacks
16. Software Testing Help. (2022, October 25). SQL Injection Testing Tutorial (Example and Prevention of SQL Injection Attack). Retrieved from Software Testing Help: https://www.softwaretestinghelp.com/sql-injection-how-to-test-application-for-sql-injection-attacks/