Basics of SQL Injection Tutorial

SQL injection is a flaw in web application development. It is not a database or web server problem. Many programmers are still not aware of this problem. A lot of the tutorials and demo "templates" are vulnerable. Even lots of solutions posted on the internet are not good enough. In pen tests, over 60% of clients turn out to be vulnerable to SQL injection.


// Hey guys, this is a most important flaw, so please read the full tutorial, as this is just the basics of SQL injection. //


Impact of SQL Injection:
* Access the entire database schema.
* Steal, modify, and delete database contents.
* Prevent legitimate access to the database.
* Run operating system commands on the database server.
* Disclose company proprietary data.


Common vulnerable login query:
* SELECT * FROM users WHERE login='victor' AND password='123'
* var sql = "SELECT * FROM users WHERE login='" + formusr + "' AND password='" + formpwd + "'";




Injecting Through Strings:
* formusr = ' or 1=1--
* formpwd = anything
* SELECT * FROM users WHERE login='' or 1=1--' AND password='anything'


The Power of '
* It closes the string parameter.
* Everything after it is considered part of the SQL command.
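
The login query and the string injection described above, shown next to the parameterized form that stops it. This is an added example, not code from the original post: it assumes Python's built-in sqlite3 module, a constructed `users` table, and hypothetical helper names, and it reuses the post's `formusr` and `formpwd` inputs.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    # Plain-text password only to mirror the query in the post.
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('victor', '123')")
    return db

def build_vulnerable_sql(formusr, formpwd):
    # Same pattern as the post's login query: form input is pasted into the SQL text.
    return ("SELECT * FROM users WHERE login='" + formusr +
            "' AND password='" + formpwd + "'")

def login_vulnerable(db, formusr, formpwd):
    # The database parses whatever text results, so a ' in the input ends the string.
    return db.execute(build_vulnerable_sql(formusr, formpwd)).fetchall()

def login_parameterized(db, formusr, formpwd):
    # Placeholders send the input as data; a ' inside it cannot close the literal.
    sql = "SELECT * FROM users WHERE login=? AND password=?"
    return db.execute(sql, (formusr, formpwd)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a valid login, the post's injection string, and an
    # ordinary surname containing an apostrophe.
    cases = [("victor", "123"), ("' or 1=1--", "anything"), ("O'Brien", "x")]
    for usr, pwd in cases:
        print("input:", repr(usr), repr(pwd))
        print("  SQL text:     ", build_vulnerable_sql(usr, pwd))
        try:
            print("  concatenated: ", login_vulnerable(db, usr, pwd))
        except sqlite3.OperationalError as exc:
            print("  concatenated:  query broke:", exc)
        print("  parameterized:", login_parameterized(db, usr, pwd))
```

The apostrophe case shows that the concatenated query is also a correctness bug: a legitimate name breaks it, while the parameterized query simply finds no match.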


Some standard SQL commands, such as:
"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", and "DROP", can be used to accomplish almost everything that one needs to do with a database.


You have often seen URLs like www.XXX.in/news.asp?ArticleID=10
This link tells the site to look in the table that stores the article names for an article whose "ArticleID" is 10.
The "INFORMATION_SCHEMA" holds the names of every table and column on a site. On every SQL server there will be an "INFORMATION_SCHEMA" and its name will never change.


Understanding Error Messages:
* Example: www.XXX.in/index.php?id=1
* Add 'or/* after id=1 to check whether the site is vulnerable or not.
* If the site gives some error, then the site is vulnerable to SQL injection.
* If a blank page is shown, then the site is vulnerable to blind injection.


Now Finding Out Vulnerable Columns:
* Example: www.XXX.in/index.php?id=1+order+by+1--
* Increase the order number until you get an error message, something like "Unknown Column in 'Order' Clause".


So now my next tutorial will teach you how to hack a web server by SQL injection.
