Successful SQL injection attempts can cause an attacker to not only steal data from a database, but also modify and/or delete it. Certain SQL Servers may also contain Stored and Extended Procedures (database server functions). If an attacker can obtain access to these Procedures it may be possible to compromise the entire system and through it, access other systems on the network.

Testing for SQL injection vulnerabilities is often a tedious and labor intensive process. Sqlmap is a powerful tool that aid in this test process. Currently at version 0.7 release candidate 1, sqlmap is a command-line automatic SQL Injection tool developed in python.

Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to retrieve remote DBMS databases, user names, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

sqlmap implements multiple techniques to attempt and exploit a SQL injection vulnerability. Inferential blind SQL injection, also known as boolean based blind SQL injection, UNION query (inband) SQL injection, also known as full UNION query SQL injection and Batched (stacked) queries support, also known as multiple statements support.

In addition to the common input sources, the tool can also test cookies. Since many applications store their session information using a cookie, this is a common practice during SQL injection attempts — one that most penetration tests often overlook.

Sqlmap excels more at exploiting an identified SQL injection vulnerability than finding it. Even with the high degree of automation, it still takes some time to identify vulnerabilities and requires some knowledge of SQL injection techniques.

Latest version of sqlmap is available at sourceforge. For information on preventing SQL injection vulnerabilities, refer to this cheat sheet.

Part 1 – Developer tools
#	Type of APP	Open Source Solution	Comments
1	IDE	Eclipse http://www.eclipse.org/	To quote from the eclipse wiki – “Eclipse means a lot of different things to different people. To some Eclipse is a free, state-of-the-art Java development environment. To others, Eclipse is a flexible environment to experiment with new computer languages or extensions to existing languages.” Written in Java, and available for Mac OS, Windows in addition to many others, this is the most popular multi-language IDE with extensive community support. Truly amazing!
2	Web Dev Editor / IDE	Bluefish http://bluefish.openoffice.nl	A lightweight editor/IDE for Linux that supports multiple documents, tons of wizards and allows creation of dynamic web sites.
3	C/C++ IDE	Anjuta http://anjuta.sourceforge.net	A full featured User Friendly C++ oriented IDE for GNU/Linux. Works great with GLADE
4	UI Designer	Glade http://glade.gnome.org	A a RAD (rapid application development) tool used to create GTK+/GNOME WYSIWYG graphical user interfaces. Can work with / even be embedded into Anjuta.

In the next part, we’ll look at one of my favorite topics for leveraging Open Source – Content Management. Stay tuned.