Hacking For Beginners – Manthan Desai

2010

26. SQL injection for website hacking

In this tutorial I will describe how SQL injection works and how to use it to get some useful information.

First of all: What is SQL injection?

It's one of the most common vulnerabilities in web applications today. It allows an attacker to execute database queries through the URL and gain access to confidential information, among other things (in short).

1. SQL Injection (classic or error based)
2. Blind SQL Injection (the harder part)

So let's start with some action.

Step 1:- Check for vulnerability

Let's say that we have some site like this: http://www.site.com/news.php?id=5

Now, to test whether it is vulnerable, we add a ' (quote) to the end of the URL, which gives http://www.site.com/news.php?id=5'. If we get an error like "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..." or something similar, that means it is vulnerable to SQL injection :)

Step 2:- Find the number of columns

To find the number of columns we use the ORDER BY statement (it tells the database how to order the result). So how do we use it? Well, just increment the number until we get an error.

http://www.site.com/news.php?id=5 order by 1/* <-- no error
http://www.site.com/news.php?id=5 order by 2/* <-- no error
http://www.site.com/news.php?id=5 order by 3/* <-- no error
http://www.site.com/news.php?id=5 order by 4/* <-- error
(We get a message like this: Unknown column '4' in 'order clause', or something like that.)

That means it has 3 columns, because we got an error on 4.
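Why the quote and ORDER BY checks in Steps 1 and 2 produce errors, and what removes them, shown as an added example that is not code from the book. It assumes a three-column news table and uses Python's built-in SQLite in place of MySQL so it runs offline (the error wording differs from MySQL's); the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: three columns, like the table in Step 2.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (5, 'Hello', 'Sample article')")
    return db

def news_vulnerable(db, raw_id):
    """'Before': the id parameter is pasted into the SQL text and the
    database's own error message is echoed back to the client."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return 500, str(exc)            # leaks the SQL parser's message
    return (200, row[1]) if row else (404, "Not found")

def news_hardened(db, raw_id):
    """'After': validate the type, bind the value, never echo DB errors."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return 400, "Bad request"       # same answer for every malformed id
    try:
        row = db.execute(
            "SELECT id, title, body FROM news WHERE id = ?", (int(raw_id),)
        ).fetchone()
    except sqlite3.Error:
        return 500, "Internal error"    # details belong in server-side logs
    return (200, row[1]) if row else (404, "Not found")

def compare(inputs):
    # Run each id value through both handlers: {input: (before, after)}.
    db = make_db()
    return {raw: (news_vulnerable(db, raw), news_hardened(db, raw)) for raw in inputs}

if __name__ == "__main__":
    samples = ["5", "5'", "5 order by 3", "5 order by 4"]
    for raw, (before, after) in compare(samples).items():
        print(repr(raw), "| before:", before, "| after:", after)
```

With the hardened handler, every input from Steps 1 and 2 other than a plain number gets the same generic 400 response, so neither the syntax error nor the column count is observable.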

Step 3:- Check for UNION function

www.hackingtech.co.tv
