As with any system written by humans there are bound to remain some vulnerabilities and one of the most common vulnerabilities for web systems are the SQL injections. To a normal user this may not seem like much but to a hacker this is the gateway to have control over entire site at worst even an entire server. So protecting your site from these attacks is quite essential and it should be a systemic design with security kept in mind from the ground up.
Locating sites vulnerable to SQL Injections is trivial and can be done using your favourite search engines, automated assessment tools like Acunetix and can also be observed by checking any input parameter of the target web application. Some common ways these vulnerabilities are added to seemingly secure content management systems like Joomla and WordPress is through use of vulnerable plugins.
Once you’ve located the vulnerability the next step is to exploit it. Exploitation can be done manually by the attacker using any browser of choice or it can be automated by tools such as havij.
What is Havij?
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injection vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
Using Havij
After location the vulnerable target URL, you paste it in Havij and analyse the target
Figure 1 Specifying the target URL for analysis
Once analysis is complete and this could take some time you will be able to view the databases on the server and also view the data in the database tables. You can even explore the database and locate the tables that contain login information which you can use to gain access to the administrative portal of the web application.
Figure 2 Browsing the target database schema
Figure 3 Browsing through the web application admin table data
All these attacks can be thwarted if the correct security measure are put in place and also if the web application is inherently designed with security in mind from the ground up. The use of web application firewalls is also recommended since they can identify more attack signatures that may not be catered for in the security of the application.
