Visible to the public Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP

TitleVulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP
Publication TypeConference Paper
Year of Publication2018
AuthorsOjagbule, O., Wimmer, H., Haddad, R. J.
Conference NameSoutheastCon 2018
Date Publishedapr
KeywordsComputer crime, Computer hacking, content management, content management systems, cybersecurity, data confidentiality, data integrity, data protection, Databases, Drupal website pages, Human Behavior, Internet, Joomla website pages, LAMP server, Metrics, Nikto, Penetration Testing, policy-based-governance, privacy, program testing, pubcrawl, Resiliency, security vulnerability, SQL, SQL Injection, SQLI, SQLi vulnerabilities, SQLMAP, Tools, Vulnerability, vulnerability analysis, vulnerability scanner, Web application, Web applications, Web sites, websites, WordPress
AbstractThere are over 1 billion websites today, and most of them are designed using content management systems. Cybersecurity is one of the most discussed topics when it comes to a web application and protecting the confidentiality, integrity of data has become paramount. SQLi is one of the most commonly used techniques that hackers use to exploit a security vulnerability in a web application. In this paper, we compared SQLi vulnerabilities found on the three most commonly used content management systems using a vulnerability scanner called Nikto, then SQLMAP for penetration testing. This was carried on default WordPress, Drupal and Joomla website pages installed on a LAMP server (Iocalhost). Results showed that each of the content management systems was not susceptible to SQLi attacks but gave warnings about other vulnerabilities that could be exploited. Also, we suggested practices that could be implemented to prevent SQL injections.
DOI10.1109/SECON.2018.8479130
Citation Keyojagbule_vulnerability_2018