Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

SQL Injection


SQL Injection

By ghostghost | 14429 Reads |
0     0

What is SQL?

SQL stands for Structured Query Language It is used by people to create databases on servers for data. Common uses are; User tables Price lists Sensitive data lists What is SQL Injection?

SQL Injection forces the server to output data (i.e. User password hashes) from the database. To injected you find a page which is “vulnerable”.

How do I know if a page is “vulnerable”?

The first test is to test input fields with code which could confuse the server.

Some examples are; hi’ OR 1=1– hi’ or 1=1– hi“ OR 1=1– hi“ or 1=1– ’ OR 1=1– “ OR 1=1– ’ or 1=1– “ or 1=1– There are hundreds more and search google to see them.

Right, now there should be an output.

It normally comes in the format:

MySQL Query Error: SELECT * FROM (table name) WHERE (field type) = ‘’ AND (field type) = ‘’

Now you have your target page but you need to learn what the error means before you can proceed.

So here goes

MySQL Query Error: SELECT * FROM (table name) WHERE (field type) = ‘’ AND (field type) = ‘’

SELECT –> Select/choose/find

  • –> means all in computing FROM (table name) –> from the table it found WHERE –> only select files where certain criteria are met

So in laymans terms

Find all instances from a table where your output is true

Now what?

Now you have got your vulnerable page you need to exploit the area where you can enter SQL Queries.

The most common one you will need will be

SELECT * FROM (table)

That outputs the whole table.

However there are other things you can do like destroying the table or adding users with specific abilities.

Found this interesting?

Here are some other links you might enjoy for extra research;

http://www.w3schools.com/sql/sql_intro.asp http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Comments
bl4ckc4t's avatar
bl4ckc4t 18 years ago

Very useful to know, 10/10 I learned a little bit more off of this article, well written.

ghost's avatar
ghost 18 years ago

i agree with bl4ckc4t, very well written article 2 thumbs up :P

ghost's avatar
ghost 18 years ago

yea good…but maybe bit to short(but that doesnt matter coz u put those 2 links there)B)

ghost's avatar
ghost 18 years ago

Thanks for the help, this article has gotten me one step closer to getting past Basic 8 =)

ghost's avatar
ghost 18 years ago

It's not meant to be long. Long means long time. The longer the time the more likely it could be boring

ghost's avatar
ghost 18 years ago

great post i used it a lot and it contains a lot of the needed combos but i noticed it changed, some weird characters infront… delete maybe?

ghost's avatar
ghost 17 years ago

this is great