Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP

Authors

Olajide Ojagbule, Georgia Southern UniversityFollow
Hayden Wimmer, Georgia Southern UniversityFollow
Rami Haddad, Georgia Southern UniversityFollow

Document Type

Conference Proceeding

Publication Date

10-4-2018

Publication Title

IEEE SoutheastCon 2018 Conference Proceeding

DOI

10.1109/SECON.2018.8479130

ISBN

978-1-5386-6133-8

ISSN

1558-058X

Abstract

There are over 1 billion websites today, and most of them are designed using content management systems. Cybersecurity is one of the most discussed topics when it comes to a web application and protecting the confidentiality, integrity of data has become paramount. SQLi is one of the most commonly used techniques that hackers use to exploit a security vulnerability in a web application. In this paper, we compared SQLi vulnerabilities found on the three most commonly used content management systems using a vulnerability scanner called Nikto, then SQLMAP for penetration testing. This was carried on default WordPress, Drupal and Joomla website pages installed on a LAMP server (Iocalhost). Results showed that each of the content management systems was not susceptible to SQLi attacks but gave warnings about other vulnerabilities that could be exploited. Also, we suggested practices that could be implemented to prevent SQL injections.

Recommended Citation

Ojagbule, Olajide, Hayden Wimmer, Rami Haddad. 2018. "Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP." IEEE SoutheastCon 2018 Conference Proceeding: IEEE Xplore. doi: 10.1109/SECON.2018.8479130 source: https://ieeexplore.ieee.org/document/8479130 isbn: 978-1-5386-6133-8
https://digitalcommons.georgiasouthern.edu/information-tech-facpubs/104

Copyright

© Copyright 2020 IEEE - All rights reserved.