A Technical Review of SQL Injection Tools and Methods: A Case Study of SQLMap

Authors

  • Mahmoud Baklizi, Computer Science/Network Department, Faculty of Information Technology, Al-Isra University, Amman, Jordan
  • Issa Atoum, Software Engineering Department, Faculty of Information Technology, The World Islamic Sciences and Education, Amman, Jordan
  • Nibras Abdullah, School of Computer Sciences, Universiti Sains Malaysia, 11800 USM Penang, Malaysia
  • Ola A. Al-Wesabi, Faculty of Computer Science and Engineering, Hodeidah University, Hodeidah
  • Ahmed Ali Otoom, Faculty of Science and Information Technology, Irbid National University, Irbid, Jordan
  • Mohammad Al-Sheikh Hasan, Computer Science Department, University of Petra, Amman, Jordan

Keywords:

SQL Injection, SQLMap, SQL Tools, Blind Injection, Website Vulnerabilities

Abstract

SQL injection is considered one of the most dangerous threats to websites and databases; the vulnerability enables an attacker to access the web application and its databases. Once an attacker has access to a database, they may change or steal the data, or destroy the database entirely. Currently, implementations of sqlmap reported in the literature are scarce and limited, and SQL injection detection tools and methods are used without any detailed analysis of their strengths and weaknesses. This paper demonstrates different types of SQL injection with an example and explains how SQL injection is detected. It presents the important tools that enable detection of these attacks in order to prevent SQL injection, and compares them according to important performance parameter measures. Finally, using an implementation carried out on an ethical and legal website, the paper applies the most important of these tools, sqlmap. The implementation results show access to the database and extraction of the username and password.


Web applications and databases interact

Published

01.10.2022

How to Cite

Baklizi, M., Atoum, I., Abdullah, N., Al-Wesabi, O. A., Otoom, A. A., & Hasan, M. A.-S. (2022). A Technical Review of SQL Injection Tools and Methods: A Case Study of SQLMap. International Journal of Intelligent Systems and Applications in Engineering, 10(3), 75–85. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/2141

Section

Research Article
