Hello, and welcome back! In the previous tutorial we discussed databases and their containers such as tables and columns, SQL, SQL injection, and how to find SQL injection vulnerabilities on a site. If you haven’t read that article, you had better read it first, because you will miss some valuable information if you jump straight into this part. SQL injection tutorial part 1 takes you from a basic understanding of databases up to finding SQL injection vulnerabilities.
According to Wikipedia, SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
In this tutorial, I will show you how to conduct SQL injection manually, live, through the browser. I suggest you learn slowly and understand it deeply. SQL injection may look like an outdated attack, but don’t think that way: injection-based attacks stand first on the OWASP Top 10! Check it.
Install an additional useful add-on in the browser. One of the most popular, used by the majority of pentesters and bug hunters, is the HackBar add-on. It is very handy: instead of writing the injection in the browser URL bar, which only offers a single line, you are better off using HackBar, which also comes with built-in default injection queries. Install it and restart the browser: https://addons.mozilla.org/nn-no/firefox/addon/hackbar/
Before we jump into the injection procedure, let me briefly explain the steps that we will do later, so that we can picture how the injection or attack flow goes. Let us have a look at the contents of this tutorial:
1. Finding a vulnerable website
2. Determining the amount of columns
3. Finding which columns are vulnerable
4. Determining the SQL version
5. Finding the database
6. Finding the table names
7. Finding the column names
8. Displaying the column contents
9. Finding the admin page
OK.. so, now let us begin!
STEP 1 : Finding a vulnerable website (Partially Skipped)
In this tutorial I will use the target we found earlier in PART 1. If you don’t know how to find SQL injection vulnerabilities on a site, you had better read PART 1. In this step we will only check whether the site is vulnerable or not, based on our earlier scanning result. In our previous SQLi scan we found that the URL below is vulnerable to SQL injection.
In order to test this site we just need to add a ' (single quote) either after the “=” (equal sign) or after the “236” (parameter), like the link below:
After pressing Enter, you may notice an error message on the web page such as the following:
"...You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 Fatal error: Call to a member function execute() on a non-object in /home/sloki/user/creativ1/sites/creativeclutters.com/www/detail.php on line 38..." blablabla...
The warning will not always match the output above exactly; any similar SQL error output means the site is considered vulnerable to injection.
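Why the stray quote produces that error, and what the server-side fix looks like, as an added example that is not code from the original tutorial or from the site: the `items` table, the function names and the use of SQLite in place of MySQL are assumptions made so the sketch runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the MySQL backend (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO items VALUES (236, 'sample item')")
    return db

def detail_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so a quote in the
    # value changes the statement itself and the parser rejects it.
    sql = "SELECT title FROM items WHERE id = " + raw_id
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Echoing the driver error to the visitor is what makes the flaw visible.
        return ("sql-error", str(exc))

def detail_hardened(db, raw_id):
    # 1) Strong typing: accept only a short, plain decimal id.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return ("rejected", None)
    try:
        # 2) Bound parameter: the value travels separately from the SQL text.
        rows = db.execute("SELECT title FROM items WHERE id = ?",
                          (int(raw_id),)).fetchall()
    except sqlite3.Error:
        # 3) Generic response; the detail belongs in a server-side log only.
        return ("error", None)
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    for value in ("236", "236'"):  # constructed inputs: normal id, id plus quote
        print(repr(value), detail_vulnerable(db, value), detail_hardened(db, value))
```

The hardened handler never reaches the database with the quoted value, and even if the type check were dropped the bound parameter would be compared as data rather than parsed as SQL.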