Since you are in this article, I assumed you that you already read this article SQL Injection. As a tester, we know that manual testing consume a lot of time. Especially if you are doing injection testing in which you are injecting a malicious script or query to a website manually. For that reason, this article is for you! It contains tutorial on how to install SQL Injection Me, an add on tool by Mozilla Firefox for SQL Injection.
What is SQL Inject Me?
SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. This tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page. The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool. You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
How To Start With SQL Inject Me
For you to start with SQL Inject Me, Just go to your Mozilla Firefox browser and search the SQL Inject Me addon on google.
Once you are on the said site, Click the Add to Firefox button.
As you notice, Message will appear at the left top of the page asking to install software on your computer. Just click the Allow button.
Click the Install button to install the SQL Inject Me add on.
Once the installation was done, message at the top left part of the page will appear to Restart the browser. Click the Restart Now button.
Click the Tools > SQL Inject Me > Open SQL Inject Me Sidebar
After that, SQL Inject Me Sidebar will appear at the left part of the page. As you notice, It contains several input forms of the website you are currently in and the forms that you're going to inject scripts.
Select the available scripts on the dropdown lists that you prefer.
Before executing the test, check the checkbox beside the dropdown list. Once you are done, click the Execute button at the top part to execute the test.
The test scripts are currently running. Once all the scripts were done executing, a new tab will appear to display the results of the test if the website has SQL vulnerability.
And that's it. SQL Injection is now easy. A new tab will display the result of testing if the website you're testing is vulnerable to sql injection. It contain number of Failures, Warnings and Passes.