SCRIPT HTTP-SQL-INJECTION (NMAP)
Download: http-sql-injection.nse
The first and most basic use of Nmap scripts is to check for known vulnerabilities on a target system. Nmap comes with a large number of built-in scripts that can be used to check for common vulnerabilities such as SQL injection, cross-site scripting (XSS), and weak passwords. To run a script, simply specify the script name as an argument to the Nmap command. For example, to check for SQL injection vulnerabilities on a target system, you can use the following command:
nmap --script=http-sql-injection <target>
Another useful feature of Nmap scripts is the ability to run a set of scripts in a specific order. This can be done by specifying multiple script names as arguments to the Nmap command. For example, to run a set of scripts that check for common web application vulnerabilities, you can use the following command:
nmap --script=http-sql-injection,http-xss,http-weak-passwords <target>
In addition to the built-in scripts, Nmap also allows you to create and run your own scripts. This can be useful if you need to check for a specific vulnerability or misconfiguration that is not covered by the built-in scripts. Nmap scripts are written in Lua, a lightweight and easy-to-learn programming language. To run a custom script, simply specify the script file name as an argument to the Nmap command.
nmap --script=<script-file> <target>
In addition to the above, Nmap can run scripts in parallel to speed up the scan, and it can select scripts by category (for example vuln, auth or default) instead of by name.
More
http-sql-injection.errorstrings
“http-sql-injection.errorstrings” is an Nmap script that attempts to detect SQL injection vulnerabilities in web servers by sending a series of payloads and analyzing the error messages returned by the server. These error messages can reveal information about the underlying database and its configuration, which can be used to exploit the vulnerability. The script is part of Nmap’s “http-vuln-*” family of scripts, which are designed to test for various web application vulnerabilities.
http-sql-injection.withindomain
“http-sql-injection.withindomain” is an Nmap script that checks for SQL injection vulnerabilities within a given domain. The script uses various payloads and techniques to try to inject malicious SQL code into web pages, and then checks the server’s response to determine if the injection was successful. If a vulnerability is found, the script will report the specific URL and parameter that is vulnerable. It’s important to note that this script does not exploit the vulnerability; it only checks for it.
http-sql-injection.url
This command uses the Nmap tool to run the “http-sql-injection.url” script against a target IP address (specified after the script name). The script attempts to detect and exploit SQL injection vulnerabilities in web servers. It does this by testing for common SQL injection payloads in the URL parameters of a web server’s HTTP requests. If the script detects a vulnerability, it will report the details, including the specific payload that was used to exploit it.
http-sql-injection.maxpagecount
The “http-sql-injection.maxpagecount” option is a parameter that can be used with the “http-sql-injection.url” script in Nmap. It specifies the maximum number of pages that should be checked for SQL injection vulnerabilities when the script is run. This can be useful for limiting the scope of the scan and avoiding unnecessary network traffic.
For example, if you want to limit the script to checking only the first 10 pages of a website, you can use a command like this:
nmap --script http-sql-injection.url --script-args http-sql-injection.maxpagecount=10 <target_IP>
It’s worth noting that setting a low value for the maxpagecount option may reduce the chances of detecting all vulnerabilities present on the website.
slaxml.debug
The “slaxml.debug” option in Nmap is used to enable debugging output for the Nmap Scripting Engine (NSE) library “slaxml”. This library is used to parse and process XML data in NSE scripts. Enabling this option will cause Nmap to output additional information about the processing of XML data in the NSE scripts being run. This can be useful for troubleshooting and debugging issues with NSE scripts that use XML data.
Example Usage
nmap -sV --script=http-sql-injection <target>
Output
PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-sql-injection:
|   Possible sqli for queries:
|     http://foo.pl/forms/page.php?param=13'%20OR%20sqlspider
|   Possible sqli for forms:
|     Form at path: /forms/f1.html, form's action: a1/check1.php. Fields that might be vulnerable:
|       f1text
|     Form at path: /forms/a1/../f2.html, form's action: a1/check2.php. Fields that might be vulnerable:
|_      f2text
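The output above is what a scan produces in Nmap's normal text format; to track findings or feed them into a ticketing system, that text has to be parsed back into structured records. The following parser is an added example, not code from this page or from the Nmap project. It assumes only the output layout shown above ("Possible sqli for queries:" followed by URLs, "Possible sqli for forms:" followed by "Form at path: ..." lines with the suspect field names indented beneath them). The sample input is constructed from the output block on this page; the helper names are hypothetical.

```python
import posixpath
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the http-sql-injection output shown on this page,
# as it appears in Nmap's normal (-oN) output for one host.
SAMPLE_OUTPUT = """\
PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-sql-injection:
|   Possible sqli for queries:
|     http://foo.pl/forms/page.php?param=13'%20OR%20sqlspider
|   Possible sqli for forms:
|     Form at path: /forms/f1.html, form's action: a1/check1.php. Fields that might be vulnerable:
|       f1text
|     Form at path: /forms/a1/../f2.html, form's action: a1/check2.php. Fields that might be vulnerable:
|_      f2text
"""

SCRIPT_NAME = "http-sql-injection"

# "Form at path: <path>, form's action: <action>. Fields that might be vulnerable:"
FORM_RE = re.compile(
    r"Form at path: (?P<path>[^,]+), form's action: (?P<action>.+?)\. Fields"
)


@dataclass
class QueryFinding:
    url: str            # URL exactly as the script printed it (payload included)
    path: str           # path component of that URL
    params: dict        # decoded query parameters, so the tested parameter is visible


@dataclass
class FormFinding:
    path: str           # page the form was found on
    action: str         # form action as printed by the script
    fields: list = field(default_factory=list)   # field names flagged as suspect


@dataclass
class SqliReport:
    queries: list = field(default_factory=list)
    forms: list = field(default_factory=list)


def parse_http_sql_injection(text: str) -> SqliReport:
    """Extract the http-sql-injection block from Nmap normal output."""
    report = SqliReport()
    in_script = False
    section = None
    current_form = None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            in_script = False       # left the script-output area of this port
            continue
        body = raw[1:]
        if body.startswith("_"):    # "|_" marks the last line of a script's output
            body = " " + body[1:]
        indent = len(body) - len(body.lstrip(" "))
        line = body.strip()
        if indent == 1:             # "| name:" introduces each script's block
            in_script = line == SCRIPT_NAME + ":"
            section = None
            current_form = None
            continue
        if not in_script:
            continue
        if line == "Possible sqli for queries:":
            section, current_form = "queries", None
        elif line == "Possible sqli for forms:":
            section, current_form = "forms", None
        elif section == "queries":
            parts = urlsplit(line)
            params = dict(parse_qsl(parts.query, keep_blank_values=True))
            report.queries.append(QueryFinding(line, parts.path, params))
        elif section == "forms":
            m = FORM_RE.match(line)
            if m:
                current_form = FormFinding(m["path"], m["action"])
                report.forms.append(current_form)
            elif current_form is not None:
                current_form.fields.append(line)
    return report


def injection_points(report: SqliReport) -> list:
    """Deduplicated (kind, normalized path, parameter) tuples for triage."""
    points = set()
    for q in report.queries:
        for name in q.params:
            points.add(("query", posixpath.normpath(q.path), name))
    for f in report.forms:
        for name in f.fields:
            points.add(("form", posixpath.normpath(f.path), name))
    return sorted(points)


if __name__ == "__main__":
    # Typical use: nmap -sV --script=http-sql-injection -oN scan.txt <target>
    # then parse_http_sql_injection(open("scan.txt").read()).
    for point in injection_points(parse_http_sql_injection(SAMPLE_OUTPUT)):
        print(point)
```

The normalization in injection_points matters for the second form above: the script reports it at /forms/a1/../f2.html, which is the same page as /forms/f2.html, so without normalization a scan that reaches the page by both routes would produce duplicate tickets. Each tuple is a candidate for manual verification, not a confirmed vulnerability, since the script only flags responses that look like they reacted to the probe.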
Conclusion
Nmap scripts are a powerful and versatile tool that can be used for a wide range of vulnerability scanning tasks. Whether you are looking for known vulnerabilities or need to check for custom vulnerabilities or misconfigurations, Nmap scripts provide a flexible and efficient way to get the job done.