sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

Feature Suggestion #301

Closed franx47 closed 11 years ago

franx47 commented 11 years ago

Hi,

I just want to make a suggestion about how the SQLMap scanning process works.

SQLMap has a lot of features, like passing in any links found by Google dork searching, from a file list, or from logs. But it is just a single link from 1 URL that may or may not have a vulnerability in it.

I maintain several sites and I use SQLMap to find any SQL injection vulnerabilities. Recently, one of my sites was injected using a simple tool like Havij. Once patched, they searched for another injection point link. Since my site has many links in it, I can't check them one by one; 1 dir has a lot of PHP files in it. And I can't secure them one by one. What I can do is just check the logs on the database, searching for any "%union%" value, block the attacker's IP, and then patch it ASAP. But it's too late, the data has already been leaked. Using .htaccess to block scanner or injection query strings does not look effective.

Today, I found a tool like the Wapiti scanner; it can scan a site's directories and links and then test them one by one with injection modules. Also, it can be integrated with the Nikto tool.

I was thinking, what if SQLMap were able to scan for directory listings & links from 1 site, and then test them one by one with injection payloads? I think that would be a very rich feature, as it can also be integrated with MSF.

Is it possible to add this feature?

(sorry for my bad English)

mukareste commented 11 years ago

If a site I maintain gets hacked somehow, I would review the code thoroughly. You may want to start using prepared statements in the scripts on your sites.

The fact that there are a lot of PHP scripts in multiple directories does not mean that you should not secure them.

bdamele commented 11 years ago

@franx47 --crawl --forms

franx47 commented 11 years ago

@mukareste : Yes, thanks for the suggestion. As far as I know, one way to prevent SQL injection is using PDO statements to secure GET/POST values. But it's a finished project; it's impossible to change the core, as I'm using Smarty. FYI, I tried very, very hard to secure my hundred PHP files by testing them one by one manually, and that consumes a lot of time. That's why I suggest to the SQLMap developers that they develop something automatic in the scanning process, like directory/file listing scanning, not just scanning only 1 URL link.

@inquisb : Oh, thanks for the info; I'll update it from the latest repo.
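The prepared statements mukareste recommends and the PDO approach franx47 mentions, as an added example that is not code from this thread or from the sqlmap project: the same lookup written with string concatenation (the pattern to replace) and with a bound parameter. It assumes PHP with the pdo_sqlite extension and uses an in-memory database and a constructed request value, so it runs offline.

```php
<?php
// Added example, not sqlmap code or code posted in this thread.
// Assumes the pdo_sqlite extension; an in-memory database keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)");
$pdo->exec("INSERT INTO posts VALUES (1, 'Public post', 1), (2, 'Unpublished draft', 0)");

// The pattern to remove: the request value is spliced into the SQL text, so
// whatever it contains becomes part of the query's logic.
function fetchPublishedTitleVulnerable(PDO $pdo, string $id): array
{
    $sql = "SELECT title FROM posts WHERE published = 1 AND id = " . $id;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The fix: the SQL text is fixed at prepare time and the request value is
// sent separately as a parameter, so it can only ever be compared with id.
function fetchPublishedTitleSafe(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare("SELECT title FROM posts WHERE published = 1 AND id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Optional extra layer: reject anything that is not an integer before it
// reaches the database at all (filter_var returns false for non-integers).
function isValidPostId(string $id): bool
{
    return filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) !== false;
}

// Constructed request values standing in for $_GET['id'].
$normal  = "1";
$crafted = "1 OR 1=1";   // constructed: alters the WHERE clause when concatenated

foreach ([$normal, $crafted] as $input) {
    echo "input: $input  valid id: " . (isValidPostId($input) ? 'yes' : 'no') . "\n";
    echo "  concatenated: "; print_r(fetchPublishedTitleVulnerable($pdo, $input));
    echo "  prepared:     "; print_r(fetchPublishedTitleSafe($pdo, $input));
}
```

Run it with `php example.php`; with the concatenated query the crafted input changes which rows the WHERE clause admits, while the prepared statement treats the entire string as one value to compare against `id`.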