PEMANFAATAN SQLMAP UNTUK DETEKSI SQL INJECTION PADA SITUS WEB

Hulwa Salsabila; Raka Fazah Fithra

doi:10.23960/jitet.v13i3.6507

Hulwa Salsabila
Universitas Singaperbangsa Karawang
Raka Fazah Fithra
Universitas Singaperbangsa Karawang

DOI: https://doi.org/10.23960/jitet.v13i3.6507

Abstract Views (Last 12 Months)

969 Abstract Views

767 Downloads

Abstract

SQL Injection is a serious threat to the security of dynamic websites widely used on the internet. This attack can expose sensitive information and compromise system integrity. Therefore, this research was conducted to identify and exploit vulnerabilities in websites using the SQLMAP tool. This tool allows for scanning and extracting data from databases vulnerable to SQL Injection attacks. The research started by scanning the website to identify the database in use, followed by exploring the tables, and finally dumping data from the selected table. The results of the study show that SQLMAP can be effectively used to detect and exploit vulnerabilities in websites with SQL Injection flaws. Although effective, its use requires a deep technical understanding of SQL and server configurations. These findings are significant in the context of website security testing and contribute to the development of more effective tools to detect and address potential SQL Injection attacks. This research is expected to raise awareness and understanding of the importance of securing websites against SQL Injection attacks.

Downloads

Download data is not yet available.

References

A. M. Albaehaqi, M. I. Andriana, R. H. Hidayat, T. Informatika, and U. M. Bakti, “NUTRICHIVE : APLIKASI MOBILE UNTUK DETEKSI BAHAN MAKANAN DAN REKOMENDASI RESEP GUNA,” JITET (Jurnal Inform. dan Tek. Elektro Ter., vol. 13, no. 1, 2025.

T. I. M. Pratama, M. D. F. Songida, and I. Gunawan, “Analisis Serangan dan Keamanan pada SQL Injection: Sebuah Review Sistematik,” JIIFKOM (Jurnal Ilm. Inform. dan Komputer), vol. 1, no. 2, pp. 27–32, 2022, doi: 10.51901/jiifkom.v1i2.230.

R. Hermawan, “Teknik Uji Penetrasi Web Server Menggunakan SQL Injection dengan SQLmap di Kalilinux,” STRING (Satuan Tulisan Ris. dan Inov. Teknol., vol. 6, no. 2, p. 210, 2021, doi: 10.30998/string.v6i2.11477.

A. Andria and R. Pamungkas, “Penetration Testing Database Menggunakan Metode SQL Injection Via SQLMap di Termux,” Indonesian Journal of Applied Informatics, vol. 5, no. 1. p. 1, 2021. doi: 10.20961/ijai.v5i1.40845.

D. Al, A. ; Endang, and W. Pamungkas, “Analisis Keamanan Database Aplikasi Web Dengan Sql Injection Menggunakan Penetration Tools,” pp. 1–22, 2023.

N. Christina Sari et al., “Deteksi Kerentanan SQL Injection pada Website Menggunakan Vulnerability Assessment Info Artikel,” J. Data Insights, vol. 2, no. 1, pp. 9–17, 2024, [Online]. Available: http://journalnew.unimus.ac.id/index.php/jodi

A. Dos Santos, G. S. Pereira, R. A. Syuhada, and E. M. S. Sakti, “Uji Coba Keamanan Database Website Menggunakan Python Dan Sqlmap Melalui Command Prompt Pada Sistem Operasi Windows,” J. Ilm. Tek. Inform., vol. 25, no. 1, pp. 146–153, 2024, [Online]. Available: https://doi.org/10.37817/tekinfo.v25i1

D. U. Khabibah, Y. Nurrohman, K. Dewandaru, S. J. D. H. Balian, and A. Setiawan, “Strategi Mitigasi SQL Injection dengan Implementasi SQLMap dan Web Application Firewall,” J. Technol. Syst. Inf., vol. 1, no. 4, p. 12, 2024, doi: 10.47134/jtsi.v1i4.2656.

A. Riyanti, B. M. Rahmanto, D. R. Hardianto, R. D. A. Yuristiawan, and A. Setiawan, “Uji Penetrasi Injeksi SQL terhadap Celah Keamanan Database Website menggunakan SQLmap,” J. Internet Softw. Eng., vol. 1, no. 4, p. 9, 2024, doi: 10.47134/pjise.v1i4.2623.

L. A. Nugraha, I. A. Kautsar, and A. S. Fitrani, “SQL Injection: Analisis Efektivitas Uji Penetrasi dalam Aplikasi Web,” Smatika J., vol. 14, no. 01, pp. 111–123, 2024, doi: 10.32664/smatika.v14i01.1224.

J. Desmon, S. Hidayatulloh, and Y. Jumaryadi, “Systematic Literature Review: Serangan Deface Website Sebagai Bentuk Kejahatan Siber,” Just IT J. Sist. Informasi, Teknol. Inf. dan Komput., vol. 14, no. 2, pp. 80–149, 2024, [Online]. Available: https://jurnal.umj.ac.id/index.php/just-it/index

Y. Natanael, R. Felicia, and E. M. S. Sakti, “Analisis Keamanan Informasi Bagi Pengguna Website Menggunakan Kalilinux Melalui Teknik SQL Injection,” J. Ilm. Tek. Inform. …, vol. 25, no. 1, pp. 123–132, 2024, [Online]. Available: https://ojs.upi-yai.ac.id/index.php/TEKINFO/article/download/3903/2967