SQL Injection

SQL Injection

By ghost | 14422 Reads |

0     0

What is SQL?

SQL stands for Structured Query Language It is used by people to create databases on servers for data. Common uses are; User tables Price lists Sensitive data lists What is SQL Injection?

SQL Injection forces the server to output data (i.e. User password hashes) from the database. To injected you find a page which is “vulnerable”.

How do I know if a page is “vulnerable”?

The first test is to test input fields with code which could confuse the server.

Some examples are; hi’ OR 1=1– hi’ or 1=1– hi“ OR 1=1– hi“ or 1=1– ’ OR 1=1– “ OR 1=1– ’ or 1=1– “ or 1=1– There are hundreds more and search google to see them.

Right, now there should be an output.

It normally comes in the format:

MySQL Query Error: SELECT * FROM (table name) WHERE (field type) = ‘’ AND (field type) = ‘’

Now you have your target page but you need to learn what the error means before you can proceed.

So here goes

MySQL Query Error: SELECT * FROM (table name) WHERE (field type) = ‘’ AND (field type) = ‘’

SELECT –> Select/choose/find

• –> means all in computing FROM (table name) –> from the table it found WHERE –> only select files where certain criteria are met

So in laymans terms

Find all instances from a table where your output is true

Now what?

Now you have got your vulnerable page you need to exploit the area where you can enter SQL Queries.

The most common one you will need will be

SELECT * FROM (table)

That outputs the whole table.

However there are other things you can do like destroying the table or adding users with specific abilities.

Found this interesting?

Here are some other links you might enjoy for extra research;

http://www.w3schools.com/sql/sql_intro.asp http://www.securiteam.com/securityreviews/5DP0N1P76E.html