Title

Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP

Document Type

Conference Proceeding

Publication Date

10-4-2018

Publication Title

IEEE SoutheastCon 2018 Conference Proceeding

DOI

https://doi.org/10.1109/SECON.2018.8479130

ISBN

978-1-5386-6133-8

ISSN

1558-058X

Abstract

There are over 1 billion websites today, and most of them are designed using content management systems. Cybersecurity is one of the most discussed topics when it comes to a web application and protecting the confidentiality, integrity of data has become paramount. SQLi is one of the most commonly used techniques that hackers use to exploit a security vulnerability in a web application. In this paper, we compared SQLi vulnerabilities found on the three most commonly used content management systems using a vulnerability scanner called Nikto, then SQLMAP for penetration testing. This was carried on default WordPress, Drupal and Joomla website pages installed on a LAMP server (Iocalhost). Results showed that each of the content management systems was not susceptible to SQLi attacks but gave warnings about other vulnerabilities that could be exploited. Also, we suggested practices that could be implemented to prevent SQL injections.

Comments

© Copyright 2020 IEEE - All rights reserved.

Share

COinS