What is SQL injection?

SQL injection (SQLi) is an injection attack in which an attacker can execute malicious SQL statements (also commonly called a malicious payload) that control a web application's database server (also commonly called a Relational Database Management System, RDBMS).

Role of SQL injection in website hacking

Authentication bypass: using this attack an attacker can gain administrative privileges without supplying a username and password.

Information disclosure: using this attack an attacker can obtain confidential information.

Compromised data integrity: an attacker uses this attack to deface a web page, insert malicious content into web pages, or modify their contents.

Compromised availability of data: attackers use this attack to delete the database.

Remote code execution: it assists an attacker in compromising the host OS.

Understanding and analysing an SQL-based query

Web app vulnerable to SQL injection

Example of SQL injection: updating tables, adding new records

Types of SQL injection

Error-based SQL injection

Error-based SQL injection forces the database to perform an operation whose result is an error.

System stored procedure: attackers exploit the database's stored procedures to carry out their attack.

End-of-line comment: after injecting code into a particular field, the legitimate code that follows is nullified through the use of end-of-line comments.

Tautology: injecting statements that are always true, so that queries always return results when the WHERE condition is evaluated.

UNION SQL injection

UNION SQL injection: a "UNION SELECT" statement returns the union of the intended dataset with the target set.

In this injection a query is appended to an already existing query.

Blind SQL injection

• No error message
• Generic page
• Time-intensive

Boolean Exploitation Technique

The Boolean exploitation technique is an SQL injection exploitation technique in which a set of Boolean operations is executed in order to extract information about the tables of a web application's database.

Information Gathering

Check whether the web application is connected to a particular database server so that it can access the data.

List all input fields, hidden fields and POST requests whose values could be used in crafting an SQL query.

Information gathering using the data entry path

Attempt to inject code that generates an error, for example by inserting a string value where a number is expected in the input field.

Cheat sheet for hacking a website using a web app vulnerable to SQL injection

• ' or 0=0 --
• " or 0=0 --
• or 0=0 --
• ' or 0=0 #
• " or 0=0 #
• or 0=0 #
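From the defender's side, the same cheat-sheet strings are what a request-log monitor should be looking for. The following is an added example, not code from the original page: a small scanner that parses constructed web-server log lines (the IP addresses, timestamps and paths are made up for the demonstration), URL-decodes each query parameter, and flags values that match the tautology, end-of-line comment and UNION SELECT shapes listed on this page. The patterns are deliberately narrow and will miss encoded or spaced variants; the point is to show where detection hooks in, not to replace parameterized queries as the actual fix.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (combined log format); not real traffic.
# Line 2 carries the page's tautology payload, line 3 the cheat-sheet
# "' or 0=0 --" payload, line 5 a UNION SELECT probe. Lines 1 and 4 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?username=alice&password=s3cret HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?username=1'%20or%20'1'%20=%20'1&password=1'%20or%20'1'%20=%20'1 HTTP/1.1" 200 4096
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?username=%27+or+0%3D0+--&password=x HTTP/1.1" 200 4096
198.51.100.7 - - [10/Oct/2023:13:56:30 +0000] "GET /search.php?q=shoes HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:57:02 +0000] "GET /search.php?q=1%20UNION%20SELECT%20null%2Cnull HTTP/1.1" 500 120
"""

# Detection rules derived from the payload shapes described on this page.
PATTERNS = {
    # "or X=X" with optional single quotes, e.g.  or 0=0   or  or '1' = '1
    "tautology": re.compile(r"\bor\b\s*'?(\w+)'?\s*=\s*'?\1'?", re.I),
    # value ends with an end-of-line comment marker (-- or #)
    "eol_comment": re.compile(r"(--|#)\s*$"),
    # UNION [ALL] SELECT appended to a query
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
}

# Minimal combined-log-format parser: client IP, method, request target, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\w+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def scan_log(text):
    """Return (client_ip, parameter_name, rule_name) for every decoded
    query-string value that matches one of the PATTERNS."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or "?" not in m.group("target"):
            continue
        query = m.group("target").split("?", 1)[1]
        # parse_qsl splits on & and = first, then percent-decodes each value,
        # so %27 and + become ' and space before the rules are applied.
        for name, value in parse_qsl(query, keep_blank_values=True):
            for rule, pattern in PATTERNS.items():
                if pattern.search(value):
                    findings.append((m.group("ip"), name, rule))
    return findings


if __name__ == "__main__":
    for ip, param, rule in scan_log(SAMPLE_LOG):
        print(f"{ip:<14} param={param:<9} rule={rule}")
```

Run as-is it reports the three injected requests and nothing for the two benign ones; feeding it a real log file means reading the file into `scan_log`. Because the rules run on decoded parameter values rather than the raw request line, a `%27` in the log is treated the same as a literal quote, which is also how the application's database driver would see it.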

Website hacking: SQL injection testing

• Consider the following SQL query:
• SELECT * FROM Users WHERE Username='$username' AND Password='$password'
• Suppose we insert the following Username and Password values:
• $username = 1' or '1' = '1
• $password = 1' or '1' = '1
• The query will be:
– SELECT * FROM Users WHERE Username='1' OR '1' = '1' AND Password='1' OR '1' = '1'
– If we suppose that the values of the parameters are sent to the server through the GET method, and if the domain of the vulnerable web site is www.example.com, the request that we'll carry out will be:
– http://www.example.com/index.php?username=1'%20or%20'1'%20=%20'1&password=1'%20or%20'1'%20=%20'1

After a short analysis we notice that the query returns a value (or a set of values) because the condition is always true (OR '1' = '1'). In this way the system has authenticated the user without knowing the username and password.
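The walkthrough above, and the error-based, end-of-line comment and tautology variants described earlier, all come down to one defect: the input is pasted into the SQL text. The following added example (not code from the original page) reproduces the page's login query in Python against an in-memory SQLite table, runs the page's tautology payload and the cheat sheet's `' or 0=0 --` payload through the string-built version, and then through the same query with bound parameters. It also shows the numeric-field probe from the information-gathering section: an unquoted id field raises a raw database error on non-numeric input, while validating the type before binding keeps that error out of the application. The `Users` table, the `alice` row and the `Id` column are constructed for the demonstration; the `#` comment form from the cheat sheet is MySQL-specific and is not a comment in SQLite, so only the `--` form is exercised here.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the demonstration (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Id INTEGER PRIMARY KEY, Username TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES (1, 'alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string interpolation, as in the page's example.
    Quotes, OR and -- inside the input become part of the SQL text, so the
    input can change the structure of the query rather than just its data."""
    sql = f"SELECT * FROM Users WHERE Username='{username}' AND Password='{password}'"
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Same query with bound parameters. The driver sends the values separately
    from the SQL text, so they are only ever compared as data."""
    sql = "SELECT * FROM Users WHERE Username=? AND Password=?"
    return conn.execute(sql, (username, password)).fetchall()


def lookup_vulnerable(conn, user_id):
    """Unquoted numeric field: a string where a number is expected produces a
    database error, which is exactly the error-based probe described above."""
    return conn.execute(f"SELECT Username FROM Users WHERE Id={user_id}").fetchall()


def leaks_db_error(conn, user_id):
    """True if the unparameterized lookup raises a raw database error for this input."""
    try:
        lookup_vulnerable(conn, user_id)
        return False
    except sqlite3.OperationalError:
        return True


def lookup_safe(conn, user_id):
    """Validate the type first, then bind; malformed input never reaches SQL."""
    uid = int(user_id)  # raises ValueError for non-numeric input, before any query runs
    return conn.execute("SELECT Username FROM Users WHERE Id=?", (uid,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    tautology = "1' or '1' = '1"    # payload from the page's walkthrough
    eol_comment = "' or 0=0 --"     # end-of-line comment payload from the cheat sheet
    print("vulnerable, tautology :", login_vulnerable(conn, tautology, tautology))
    print("vulnerable, comment   :", login_vulnerable(conn, eol_comment, "x"))
    print("safe, tautology       :", login_safe(conn, tautology, tautology))
    print("safe, comment         :", login_safe(conn, eol_comment, "x"))
    print("raw DB error on 'abc' :", leaks_db_error(conn, "abc"))
```

The string-built login returns the `alice` row for both payloads even though neither matches a real credential, while the parameterized login returns nothing because the whole string is compared against the `Username` column as a literal value. The same bound-parameter approach is what stops the UNION variant as well, since an appended `UNION SELECT` is likewise just text inside a value once it can no longer close the quote.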

List of best tools for vulnerability testing

• Netsparker
• Acunetix
• OpenVAS
• Nexpose Community
• Nikto
• Tripwire IP360
• Wireshark
• Aircrack
• Nessus Professional
• Retina CS Community
• Microsoft Baseline Security Analyzer
• Secunia Personal Software Inspector

By admin
