SQL injection explained
Testing if the target is vulnerable:
(Note: I assume you have already gathered some information about the site, so you know what file extension it uses. If you are attacking randomly, then go away from here.)
Then we see many results like:
Simply browse to www.victim.com/something.php?id=3 and add one more thing: a single quote ('). Example:
If the site is vulnerable, we will see an SQL error like:
If we see this error on the page, we have confirmed that the site is vulnerable and exploitable.
Finding the number of columns:
Now we have confirmed that it has 6 columns. If you get no error, try more columns: 7, 8, 9, etc.
How to find the vulnerable column
To find the vulnerable columns we need the “UNION SELECT” command. So:
Now we will see one or more of the numbers 1-6 on the page. Suppose we see “5”.
So now we know that column number 5 is vulnerable.
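Why the quote test and the UNION SELECT above succeed, and what removes the flaw, shown as an added example (not code from the original article). Python's sqlite3 stands in for the PHP/MySQL page, and the articles table, its contents and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a six-column table, as in the walkthrough."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, c2, c3, c4, title, c6);
        INSERT INTO articles VALUES (3, 'a', 'b', 'c', 'Real article', 'd');
    """)
    return db

def fetch_vulnerable(db, raw_id):
    # "Before": the request value becomes part of the SQL text, so the
    # database parses whatever the client sent as SQL.
    return db.execute("SELECT * FROM articles WHERE id = " + raw_id).fetchall()

def fetch_safe(db, raw_id):
    # "After", layer 1: the id must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    # Layer 2: the value is bound as a parameter and is never parsed as SQL.
    sql = "SELECT * FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(fetch, db, raw_id):
    """Classify what a client would observe for one request value."""
    try:
        rows = fetch(db, raw_id)
    except sqlite3.Error:
        return "sql-error"      # the database error the walkthrough looks for
    except ValueError:
        return "rejected"       # handled input error, no database detail shown
    if not rows:
        return "no-rows"
    return "real-row" if rows[0][4] == "Real article" else "injected-row"

if __name__ == "__main__":
    db = make_db()
    for value in ["3", "3'", "-3 UNION SELECT 1,2,3,4,5,6"]:
        print(repr(value), outcome(fetch_vulnerable, db, value),
              outcome(fetch_safe, db, value))
```

With the bound query the same three request values produce either the real row or a handled rejection, so neither the error page nor the reflected column numbers appear.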
Checking the MySQL version:
www.victim.com/something.php?id=-3 UNION SELECT 1,2,3,4,@@version,6--
We know the MySQL version is 5 (version 4 won’t work).
Great! Now we quickly need their users database dump. So quick!!!
Now we need all the table names.
Getting the table names:
So we get several table names. For example, we get:
We want to log in as a powerful user so that we can edit their pages. To do this, we first need to find out the column names:
Getting the column names:
So from this query we get output like:
It is easy to see that we need the username and password columns to get admin access:
Grabbing the username and password:
So you get all the usernames and passwords as output, like admin:akde3d09kd4ur489deqa9094ldad48dkr
Now crack the hash and then log in with the username “admin” or “super” and the plain-text (cracked) password.
If you don’t know how to crack a hash, check out other articles…
There are many SQL injection techniques, but I have explained here the one that is very common. So try more, research and research.
I hope there are some mistakes I made… If you can catch them, then feel free to contact me.