Paper on Sql Injection
1/20/2021 Originality Report
https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=ffbb1f0f-2818-43b8-8b29-2f956467818c&course_id… 1/4
%23
%19
SafeAssign Originality Report Database Security - 202130 - CRN253 - Zavgren • Week 2 Paper
Total Score: 42% (High risk)
Dinesh Babu Somala
Submission UUID: 7ec5b61d-678a-6b7f-4e2c-318d974ae1a4
Total Number of Reports: 1
Highest Match: 42% (Dinesh Babu Somala - Paper on Sql Inject…)
Average Match: 42%
Submitted on: 01/20/21 04:38 PM EST
Average Word Count: 751 (Highest: Dinesh Babu Somala - Paper on …)
Attachment 1: 42%
Word Count: 751 Dinesh Babu Somala - Paper on Sql Injection.docx
Internet (4): 1 hackingtools, 3 gbhackers, 9 mendel-journal, 7 cps-vo
Institutional database (6): 4 Student paper, 2 Student paper, 8 Student paper, 5 Student paper, 10 Student paper, 6 Student paper
Top sources (3): 1 hackingtools, 3 gbhackers, 4 Student paper
Excluded sources (0)
Source Matches (16)
The Insider Leak of Data via SQL Injection
Dinesh Babu Somala
New England College – Database Security
Introduction
Sqlmap is an open-source injection tool that takes over database servers and automates the detection and exploitation of SQL injection flaws. It has a tremendous detection engine and a range of switches covering database fingerprinting, access to the file system, and command execution on the operating system through the underlying out-of-band connections. It is therefore necessary to examine the use of an automated SQL injection tool. Manual SQL injection testing requires substantially more effort and gives minimal assurance of locating each vulnerability or of extracting or viewing the database. For instance, reading returned error messages, guessing database structure information, and adding apostrophes were arduous. According to Maraj, Rogova, Jakupi & Grajqevci (2017), using an automated SQL tool has facilitated security scans on web applications and websites. This ensures that all security parameters are cross-checked against multiple web application security variants. The tool also enables professionals to work on tasks concurrently (Maraj, Rogova, Jakupi & Grajqevci, 2017).
SQL injection causes the backend database server to perform the queries an attacker intends, in order to execute a command, access information, or bypass authentication on the remote host. The queries are carried out by entering particular operational characters through the input forms of web pages. Hence, it enables attackers to execute several tasks on remote machines. An automated SQL injection tool checks for vulnerability at runtime. The approach mitigates malicious SQL statements by putting constraints on the runtime environment. Perfect security can be obtained by appending or reinstating the secured SQL statement.
In particular, sqlmap detects the loophole and uses several options to enumerate users, read specific files on the file system, carry out extensive backend database management, retrieve database and DBMS session users, and eradicate a specific or entire DBMS. Studies by Joseph & Jevitha (2016) affirm that sqlmap is optimal and provides several capabilities to penetration testers by ensuring automatic database query execution to extract and enumerate data. A simple command can retrieve data including users, tables, roles, columns, privileges, and password hashes, and the tool includes automatic recognition of password hash formats. Sqlmap gives users the option to dump a range of entries, entire database tables, or specific columns. Penetration testers can eliminate a range of characters from each column entry (Uwagbole, Buchanan & Fan, 2017).
The tool enhances the search for particular database elements. As such, professionals can locate tables holding custom application credentials by searching for column names that contain strings such as pass and name. With Microsoft SQL Server, MySQL, or PostgreSQL, the tool enables uploading and downloading files from the database server. It also executes arbitrary commands within the database server operating system and retrieves their standard output (Joseph & Jevitha, 2016). Sqlmap creates an out-of-band TCP connection between the operating system underlying the database server and the attacker machine in a similar realm. Users can use an interactive prompt, a graphical user interface, or a meterpreter session to execute commands.
Sqlmap can detect and exploit multiple SQL injection types. It replaces the affected parameter in the HTTP request with a statement string to retrieve the output. Sqlmap infers the injected statement's output character by character. The incorporated bisection algorithm can locate every output character with seven HTTP requests (Uwagbole, Buchanan & Fan, 2017). On the other hand, sqlmap replaces the affected parameter with a statement that prompts a database-specific error, so that predefined injected character chains appear within the HTTP response body and headers, but only for web applications so configured, which facilitates management of DBMS error messages.
The tool supports fingerprint-based identification of the software version and operating system. The fingerprint technology helps retrieve the current database, DBMS banner, and session user information (Joseph & Jevitha, 2016). In the process, the tool can establish whether the session user is a database administrator. This is significant, especially when the DBMS has not stored information or the session user has no read access.
References
Joseph, S., & Jevitha, K. P. (2016). Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability. In Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics (pp. 417-426). Springer, New Delhi.
Maraj, A., Rogova, E., Jakupi, G., & Grajqevci, X. (2017, October). Testing techniques and analysis of SQL injection attacks. In 2017 2nd International Conference on Knowledge Engineering and Applications (ICKEA) (pp. 55-59). IEEE.
Uwagbole, S. O., Buchanan, W. J., & Fan, L. (2017, May). Applied machine learning predictive analytics to SQL injection attack detection and prevention. In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (pp. 1087-1090). IEEE.
hackingtools 70%
Student paper 69%
gbhackers 72%
Student paper 70%
gbhackers 73%
gbhackers 74%
Student paper 100%
Student paper 100%
Student paper 100%
1
Student paper
SQL map is an open-source injection tool that takes over database servers and automates exploitation and detection of SQL injection flaws. It has a tremendous detection engine and a range of database fingerprinting switches to access file systems and use the underlying out-of-band connections to execute commands on the operating system.
Original source
22,630 views SQL map is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers It comes with a powerful detection engine, many nice features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to access the underlying file system and execute commands on the operating system via out-of-band connections
2
Student paper
An automated SQL injection tool checks for vulnerability at runtime.
Original source
Need for an automated SQL injection tool
3
Student paper
option to dump a range of entries, entire database tables, or specific columns.
Original source
Support to dump database tables entirely, a range of entries or specific columns as per user’s choice
2
Student paper
with a Microsoft SQL Server, MySQL, or PostgresSQL, the tool enables uploading and downloading files from the database server.
Original source
For the data bases MySQL, PostgreSQL and Microsoft SQL Server, the tool enables downloading or uploading any file from the database server when the data base server
3
Student paper
The Sqlmap creates an out-of-band TCP connection between the underlying operating system's database server and the attacker machine in a similar realm.
Original source
Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system
3
Student paper
Sqlmap can detect and exploit multiple SQL injection types.
Original source
sqlmap is able to detect and exploit five different SQL injection types
4
Student paper
Joseph, S., & Jevitha, K.
Original source
Joseph, S., &Jevitha, K
5
Student paper
Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability.
Original source
Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability
4
Student paper
In Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics (pp.
Original source
In Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics (pp
Student paper 100%
Student paper 100%
cps-vo 100%
Student paper 100%
cps-vo 100%
mendel-journal 100%
Student paper 100%
4
Student paper
Springer, New Delhi.
Original source
Springer, New Delhi
6
Student paper
Maraj, A., Rogova, E., Jakupi, G., & Grajqevci, X.
Original source
Maraj, A., Rogova, E., Jakupi, G., & Grajqevci, X
7
Student paper
Testing techniques and analysis of SQL injection attacks.
Original source
Testing Techniques and Analysis of SQL Injection Attacks
8
Student paper
In 2017 2nd International Conference on Knowledge Engineering and Applications (ICKEA) (pp.
Original source
In 2017 2nd International Conference on Knowledge Engineering and Applications (ICKEA) (pp
7
Student paper
O., Buchanan, W. J., & Fan, L.
Original source
O., Buchanan, W J., Fan, L
9
Student paper
Applied machine learning predictive analytics to SQL injection attack detection and prevention.
Original source
Applied Machine Learning Predictive Analytics to SQL Injection Attack Detection and Prevention
10
Student paper
In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (pp.
Original source
In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (pp