Abstract
Web applications or services play an important role in present day-to-day life. They have an impact on the development of both individuals and a country. Easy access to services such as online education, banking, reservation, shopping, resources, and information sharing has proven most efficient for everyday life. Various government and private organizations of Bangladesh have started to use web services to support clients. Most of the web applications of Bangladesh are registered with the .bd domain and developed using a content management system (CMS), various scripting languages and SQL or MySQL databases. Web applications are a popular target for web attackers. However, the security issues of the .bd domain web applications have not yet been looked upon appropriately. One of the most attacked vulnerabilities of database-driven web applications is SQL injection, or SQLi. SQLi through URLs and user-input fields is an extremely high risk in current web-based applications. Restricting user access to URLs and user-input fields defeats the purpose of web applications. However, unrestricted user access exposes the vulnerable fields to web attacks. To prevent these exploitations it is essential to have knowledge of the vulnerabilities adversaries use to exploit the web applications. This paper presents an evaluation and analysis of SQLi vulnerabilities present in the existing web applications of the .bd domain using a black-box penetration testing approach. User-input-based SQLi has been used for evaluation.