TY - JOUR
T1 - Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP
AU - Ojagbule, Olajide
AU - Wimmer, Hayden
AU - Haddad, Rami
PY - 2018/10/4
Y1 - 2018/10/4
N2 - There are over 1 billion websites today, and most of them are designed using content management systems. Cybersecurity is one of the most discussed topics when it comes to a web application and protecting the confidentiality, integrity of data has become paramount. SQLi is one of the most commonly used techniques that hackers use to exploit a security vulnerability in a web application. In this paper, we compared SQLi vulnerabilities found on the three most commonly used content management systems using a vulnerability scanner called Nikto, then SQLMAP for penetration testing. This was carried on default WordPress, Drupal and Joomla website pages installed on a LAMP server (Iocalhost). Results showed that each of the content management systems was not susceptible to SQLi attacks but gave warnings about other vulnerabilities that could be exploited. Also, we suggested practices that could be implemented to prevent SQL injections.
AB - There are over 1 billion websites today, and most of them are designed using content management systems. Cybersecurity is one of the most discussed topics when it comes to a web application and protecting the confidentiality, integrity of data has become paramount. SQLi is one of the most commonly used techniques that hackers use to exploit a security vulnerability in a web application. In this paper, we compared SQLi vulnerabilities found on the three most commonly used content management systems using a vulnerability scanner called Nikto, then SQLMAP for penetration testing. This was carried on default WordPress, Drupal and Joomla website pages installed on a LAMP server (Iocalhost). Results showed that each of the content management systems was not susceptible to SQLi attacks but gave warnings about other vulnerabilities that could be exploited. Also, we suggested practices that could be implemented to prevent SQL injections.
UR - https://digitalcommons.georgiasouthern.edu/information-tech-facpubs/104
UR - https://doi.org/10.1109/SECON.2018.8479130
U2 - 10.1109/SECON.2018.8479130
DO - 10.1109/SECON.2018.8479130
M3 - Article
JO - IEEE SoutheastCon 2018 Conference Proceeding
JF - IEEE SoutheastCon 2018 Conference Proceeding
ER -