Security tools serving good and bad

sqlmap.py is a Python script used by cyber security analysts to check for vulnerabilities in websites. Like any other network security tool, it is used by many people, which means it is also used by the bad guys, a.k.a. "hackers". While we were browsing the dark web, we stumbled upon a hacking forum where you need to take an exam before you can join the group. This forum is nothing new to us, as there are a lot of hacking forums scattered over the net. What intrigued us most was their entrance exam: in order to become a member, a newcomer must prove themselves by taking over or defacing someone's site.
SQLMAP.py is used widely in the forum, as if it were the default tool for checking anyone's site. The administrator of the forum posts a list of sites that are going to be brutally attacked by the newcomers with this tool. The majority of the sites use a CMS such as WordPress, Joomla, Magento, etc. CMSs are usually not vulnerable by themselves; they just need to be updated to the newest release. That means all outdated sites are very prone to attacks.
Remediation

This is just an opening attack for newbie hackers, so most likely, if we are able to deny them, they will stop in an instant. So what can we do to prevent this? It is always healthy to check your access logs from time to time for any malicious or brute-force access to your site. If you find any, try to investigate where it is coming from; if you do not recognize the source, you can always block its IP from accessing your site. If you are a developer, or you have your own developer, you can also put a lexical checker on your site that verifies and filters the SQL commands sent to it.
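One way to do the access-log check described above, as an added example that is not part of the original post: it flags requests whose User-Agent names sqlmap or whose decoded query string contains common SQL injection token sequences, and counts them per source IP. The log lines, the combined log format, the pattern list and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Mar/2024:10:01:03 +0000] "GET /index.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.7 - - [10/Mar/2024:10:01:04 +0000] "GET /index.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 498 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.20 - - [10/Mar/2024:10:02:00 +0000] "GET /item?id=5%27%20OR%20SLEEP(5)--%20 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:03:00 +0000] "GET /blog/select-a-union-rep HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:03:05 +0000] "GET /search?q=order+status HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+)[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# SQL token sequences that rarely occur in legitimate query strings (assumed list).
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select|\b(and|or)\s+\d+\s*=\s*\d+|sleep\s*\(|benchmark\s*\("
    r"|information_schema|['\"]\s*(or|and)\s",
    re.IGNORECASE,
)

def classify(line):
    """Return (ip, reasons) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    reasons = []
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    # Only inspect the query string, decoded twice to catch double encoding.
    query = m["url"].partition("?")[2]
    if SQLI_RE.search(unquote_plus(unquote_plus(query))):
        reasons.append("sqli-pattern")
    return m["ip"], reasons

def suspicious_ips(log_text, threshold=1):
    """Count flagged requests per source IP; return those at or above threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[1]:
            hits[result[0]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    print(suspicious_ips(SAMPLE_LOG))
```

The User-Agent header is set by the client, so the query-string check is what flags requests that do not announce the tool. Treat the output as a list of sources to investigate before blocking.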
For more information on how to use the tool, please visit the sqlmap.py site at www.sqlmap.org.