A Case Study of SQL Injection Vulnerabilities Assessment of .bd Domain Web Applications

Alam, Delwar; Kabir, Alamgir; Bhuiyan, Touhid; Farah, Tanjila

doi:10.1109/cybersec.2015.23

Cited by 10 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Once the database is identified it further the attacks to exploit the system information of the database and the OS or webserver platform as shown in Table 1. As discussed in [13], the SQL was exploitable by syntax of one single quote as what we did in this research project. The number 10 did not exist in the SQL database we injected.…”

Section: Sql Injectionmentioning

confidence: 99%

“…With the syntax of one single quote inserted along the input 10, it makes the database exploitable. Order by query is used to treasure the number of column that exists in the database table and union select or union all select query is used to explore the vulnerable columns in the database table [13]. The usage of these queries can be observed in the sqlmap log file as displayed in Figure 5.…”

Section: Sql Injectionmentioning

confidence: 99%

See 1 more Smart Citation

Penetration Testing using Kali Linux: SQL Injection, XSS, Wordpres, and WPA2 Attacks

Gunawan

Lim

Kartiwi

et al. 2018

IJEECS

View full text Add to dashboard Cite

Nowadays, computers, smart phones, smart watches, printers, projectors, washing machines, fridges, and other mobile devices connected to Internet are exposed to various threats and exploits. Of the various attacks, SQL injection, cross site scripting, Wordpress, and WPA2 attack were the most popular security attacks and will be further investigated in this paper. Kali Linux provides a great platform and medium in learning various types of exploits and peneteration testing. All the simulated attack will be conducted using Kali Linux installed on virtual machine in a compuer with Intel Core i5 and 8 GB RAM, while the victim’s machine is the host computer which run Windows 10 version 1709. Results showed that the attacks launched both on web and firewall were conducted successfully.

show abstract

Section: Sql Injectionmentioning

confidence: 99%

Section: Sql Injectionmentioning

confidence: 99%

Penetration Testing using Kali Linux: SQL Injection, XSS, Wordpres, and WPA2 Attacks

Gunawan

Lim

Kartiwi

et al. 2018

IJEECS

View full text Add to dashboard Cite

show abstract

“…Others conducted case study on different web application vulnerability exploitations in various domains of Bangladesh. A study on three major SQLi techniques implemented on the educational and financial websites of Bangladesh and executes analysis web applications for figuring out the security condition [3], [4]. Another study found on LFI vulnerability and its exploitation techniques based on SQLi and RFI vulnerability in which they examined 153 LFI vulnerable web applications and shown its impact in Bangladesh [5].…”

Section: Literature Reviewmentioning

confidence: 99%

SAISAN: An Automated Local File Inclusion Vulnerability Detection Model

Hassan¹,

Bhuyian²,

Sohel³

et al. 2018

IJET

View full text Add to dashboard Cite

Communicating and delivering services to the consumers through web applications are now become very popular due to its user friendly interface, global accessibility, and easy manageability. Careless design and development of web applications are the key reasons for security breaches which are very alarming for the users as well as the web administrators. Currently, Local File Inclusion (LFI) vulnerability is found present commonly in several web applications that lead to remote code execution in host server and initiates sensitive information disclosure. Detection of LFI vulnerability is getting very critical concern for the web owner to take effective measures to mitigate the risk. After reviewing literatures, we found insignificant researches conducted on automated detection of LFI vulnerability. This paper has proposed an automated LFI vulnerability detection model, SAISAN for web applications and implemented it through a tool. 265 web applications of four different sectors has been examined and received 88% accuracy from the tool comparing with the manual penetration testing method.

show abstract

“…About 65% of the web applications were vulnerable to single quote (') attack. Another reason of this vulnerability is the development language used to build the web applications [8]. In the dataset 33% of the vulnerable web applications were built using php version 4.9 and older then this as shown in Figure 19.…”

Section: A Dataset 1: Basic Sqlimentioning

confidence: 99%

“…From the rest od the dataset, 4% were built using joomla and 9% were built using Microsoft asp.net. The vulnerability level is identified by the type and amount of data that could be retrieved from attacking the web applications [8]. The statistics of vulnerability level of educational websites of Bangladesh in shown in Figure 21.…”

Section: A Dataset 1: Basic Sqlimentioning

confidence: 99%