Sudiharyanto Lika, Roy Dwi Putra Halim, Ihsan Verdian


SQL injection is a serious security threat to dynamic websites on the Internet. As the use of online services grows, so do the security threats on the web. SQL injection is one of the most serious web security vulnerabilities; most of these vulnerabilities are caused by a lack of input validation and by the way SQL parameters are used. SQLMap is an application included in the Kali Linux operating system that uses its built-in features to inject into the data held by a website. In this paper, we present an example attack case using SQLMap, from the injection process and how the application works through to the point where sensitive data can be obtained from the injected website without the victim knowing.


How to Cite
LIKA, Sudiharyanto; HALIM, Roy Dwi Putra; VERDIAN, Ihsan. ANALISA SERANGAN SQL INJEKSI MENGGUNAKAN SQLMAP. POSITIF : Jurnal Sistem dan Teknologi Informasi, [S.l.], v. 4, n. 2, p. 88-94, nov. 2018. ISSN 2460-9552. Available at: <>. Date accessed: 24 july 2019. doi:
