Sqlmap is a popular open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over the database service.
Sqlmap supports HTTP cookies, which can be used for two purposes:
1. Cookie-based authentication when required by the Web application;
2. Detecting and exploiting SQL injection in the values of such header fields.
By default, sqlmap tests GET parameters and POST parameters. When the --level value is set to 2 or higher, it also tests the values of the HTTP Cookie header. When it is set to 3 or higher, it also tests the HTTP User-Agent and HTTP Referer headers for SQL injection. It is possible to manually specify the parameters that you want sqlmap to test. It also relies on the value set by level.

Tested HTTP parameter    Level in sqlmap
GET                      1 (default)
POST                     1 (default)
HTTP Cookie              ≥ 2
HTTP User-Agent          ≥ 3
HTTP Referer             ≥ 3

For example, to test only the GET parameter id and the HTTP User-Agent, provide -p id,user-agent.
Here's an example of how to test an HTTP Cookie with the security parameter:
./sqlmap.py -u 'http://127.0.0.1/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=0E4JFBRGD8190IG3UBA7RVSIP1; security=low' --string='first name' --dbs --level 3 -p PHPSESSID
The --string flag gives sqlmap a string for telling valid pages apart from pages that are invalid because of the injection. The --dbs flag, on the other hand, is used to enumerate the databases of the database management system. Finally, the -p flag restricts the test to the PHPSESSID variable.
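Why the Cookie header counts as an input vector, and how a marker string separates a valid page from an invalid one, shown as an added example that is not part of the original article or of sqlmap. The sessions table, the handler names and the sample rows are constructed for illustration; the marker reuses the --string value from the command above.

```python
import sqlite3

MARKER = "first name"  # plays the role of the --string value in the command above

def make_db():
    """Constructed sample data: one session row in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, first_name TEXT)")
    db.execute("INSERT INTO sessions VALUES ('abc123', 'Alice')")
    return db

def cookie_value(header, name):
    """Minimal Cookie header parser: 'a=1; b=2' -> value of `name`, or ''."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return ""

def render(row):
    """A valid page contains MARKER; an invalid one does not."""
    return f"{MARKER}: {row[0]}" if row else "no such session"

def page_vulnerable(db, cookie_header):
    sid = cookie_value(cookie_header, "PHPSESSID")
    # Deliberately unsafe: the cookie value is concatenated into the SQL text.
    sql = "SELECT first_name FROM sessions WHERE sid = '" + sid + "'"
    return render(db.execute(sql).fetchone())

def page_hardened(db, cookie_header):
    sid = cookie_value(cookie_header, "PHPSESSID")
    # Bound parameter: the cookie value is treated as data, never as SQL syntax.
    sql = "SELECT first_name FROM sessions WHERE sid = ?"
    return render(db.execute(sql, (sid,)).fetchone())

def cookie_reaches_sql(page, db):
    """True if an always-true and an always-false condition placed in the
    cookie yield different pages, judged by the presence of MARKER."""
    always_true = page(db, "PHPSESSID=zzz' OR '1'='1; security=low")
    always_false = page(db, "PHPSESSID=zzz' AND '1'='2; security=low")
    return (MARKER in always_true) != (MARKER in always_false)

if __name__ == "__main__":
    db = make_db()
    for page in (page_vulnerable, page_hardened):
        print(page.__name__, "cookie reaches SQL:", cookie_reaches_sql(page, db))
```

The same check can be kept as a regression test: once the handler binds the cookie value as a parameter, both probes return the invalid page and the check reports False.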
Tools for SQL injection: select by detection accuracy or by input vector coverage?
To answer this question, we used the results provided by sectoolmarket.com. We assume that a candidate scanner's detection accuracy is as important as its input vector coverage, and we consider that GET, POST, HTTP Cookie and HTTP headers should all be supported as input vectors. When all of these parameters are supported, the coverage of the scanner is 100%. We recommend the following equation algorithm, which means a vulnerability scanner that adapts to an average score.
After averaging the detection accuracy and the input vector coverage, we get the following results (the top 14 scanners):

Rank  Vulnerability Scanner  Vendor                      Detection rate  Input Vector Coverage  Average Score
1     Arachni                Tasos Laskos                100%            100%                   100%
2     Sqlmap                 sqlmap developers           97.06%          100%                   98.53%
3     IBM AppScan            IBM Security Sys Division   93.38%          100%                   96.69%
4     Acunetix WVS           Acunetix                    89.71%          100%                   94.85%
5     NTOSpider              NT Objectives               85.29%          100%                   92.64%
6     Nessus                 Tenable Network Security    82.35%          100%                   91.17%
7     WebInspect             HP Apps Security Center     75.74%          100%                   87.87%
8     Burp Suite Pro         PortSwigger                 72.06%          100%                   86.03%
9     Cenzic Pro             Cenzic                      63.24%          100%                   81.62%
10    Skipfish               Michal Zalewski – Google    50.74%          100%                   75.37%
11    Wapiti                 OWASP                       100.00%         50%                    75.00%
12    Netsparker             Mavituna Security           98.00%          50%                    74.00%
13    Paros Pro              Milescan Technologies       93.38%          50%                    71.69%
14    ZAP                    OWASP                       77.21%          50%                    63.60%

We can show a graph representing the vulnerability scanners by their average score, which combines their detection accuracy for SQL injection flaws and their input vector coverage.