5 minute setup:

1. Download the latest version of sqlmap.
2. Download and install Active State Perl.
3. Scan through the thorough documentation of sqlmap at install_path/doc.

Now we are ready to go. We are going to send sqlmap a list of URLs within the vulnerable site based on which ones are indexed by Google and contain GET (?var=value) parameters. There is no need to scan through the site using this method. No need to parse through forms, tamper with URL’s, etc. In fact this is a great numero uno method of testing any new site that comes your way as a security professional…

All you need to do is to feed sqlmap a Google dork command and it is this simple. From the command prompt and within the sqlmap directory execute this command:

perl sqlmap.pl -g “site:yourdomain.com”

sqlmap will hit Google up for any URLs within this domain that contain parameters and then attempt to tamper each URL that Google returns.

You still have a lot of control here. You can choose to try to exploit each URL that sqlmap finds on Google or to ignore it. If a URL can be tampered with you can choose to enact this tampering. If a vulnerability can be exploited you control how it is exploited.

Using the many command line parameters you can take a vulnerable URL and run it through many paces per the documentation (stacked tests, time tests, union tests, fingerprinting, etc).

In protect the organizations that I work for I have found this tool to be a great way to find vulnerabilities on target sites who are indexed by Google.

Note that this should not replace exhaustive testing where all URL activity back and forth between the browser and web server is logged and examined. There is obviously a large disparity between what Google finds or is allowed to find and what a site and its protected pieces may contain.

If you are looking for a way to find the lazy mans entry into exploitable areas of your web servers then look no further than sqlmap.

Now go report your SQL injection vulnerabilities and enjoy your weekend!

A second way to ensure that you are completely up to date with the latest vulnerabilities and exploits is to monitor the web sites of what I will call ‘black market’ organizations who post these vulnerabilities. (and often times the corresponding exploit[s]) Sometimes the mission of these web sites is a little unclear; are they trying to help or trying to hurt…

Here is a list of web sites that may prove beneficial to you in learning about the latest on goings of the cyber-criminal collective mind:

http://milw0rm.com

Run by a group of “hacktivists” best down for penetrating the computers of the Bhabha Atomic Research Center in Mumbai (the primary nuclear research facility of India).

This site is an excellent source for the latest vulnerabilities, complete with corresponding exploits from their 0day exploit database, videos, papers and even shellcode.

Note: the site does have a bit of a habit of disappearing and reappearing.

http://threatpost.com/en_us/category/topics/vulnerabilities

Threatpost (Kaspersky) has a great running list of vulnerabilities

http://www.securityfocus.com/vulnerabilities

A great list of current vulnerabilities, sponsored by SecurityFocus. The details page for each vulnerability provides excellent info including which versions of what software are vulnerable and CVE tags.

http://web.nvd.nist.gov/view/vuln/search

The National Vulnerability Database, sponsored by the DHS National Cyber Security Division. Another great source of vulnerabilities in database/search form.