Hello guys, we all know SQL injection and how dangerous it is, but today we will talk about this dangerous vulnerability and we will see:
- What Is Sql Injection ?
- What Are the types of sql injection ?
- How To Exploit Sql Injection ?
For those who don't know what SQL injection is: it's a web application vulnerability that allows an attacker to read secret data from a MySQL/PostgreSQL database (like usernames, passwords, credit cards, mailing lists ...).
SQL injection is listed at the first rank in the OWASP Top 10, which means it sits among the most dangerous vulnerabilities (e.g. XSS, LFI ...). There are also many types of SQL injection, and that's what we will see in the next part.
What Are The Types Of SQL injection ?
There are many types of SQL injection and many exploitation methods, but the most famous type is Blind SQL injection (we will see how it is exploited later).
Types of sql injection :
- Blind SQL injection
- Error Based SQL Injection
- Second order sql injection
There are many other types ... but today we will focus on Blind SQL injection and on quick detection of SQL injection.
How To exploit sql injection ?
First of all, let's say that we have this PHP script that builds and executes a query:
<?php
$id = $_GET['id'];   // article id taken straight from the URL, with no validation
$query = "SELECT title FROM articles WHERE id='$id'";   // the raw value is pasted into the SQL string
So as you can see, the script reads a user parameter with $_GET, and this parameter is the article id.
As a simple user, I will see the link (for example 127.0.0.1/article.php?id=1), open the page and read my article. But if I'm a hacker, I will check whether there is SQL injection or not!
Let's say that SQL injection is the result of a wrong user-input parameter. The normal id is 1, but what if I add an apostrophe (') to the id? What will happen?
First of all, the link will look like this, and this is not interesting ...
127.0.0.1/article.php?id=1'
but the php script will be :
$id = $_GET['id'];   // now holds 1'
$query = "SELECT title FROM articles WHERE id='$id'";   // becomes: SELECT title FROM articles WHERE id='1''
Do you see the extra apostrophe at the end of the query?
This apostrophe changes what our query does! Adding an apostrophe means that the id value has ended, so we can put a query after the apostrophe and it will be executed just like a normal SQL query. This is where we can say there is an SQL injection vulnerability!
for example :
127.0.0.1/article.php?id=1'+order+by+1+--+
The "order by 1" query will be executed! We can also put an INSERT, DELETE or UPDATE statement, but that does not always work.
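To make the mechanism above concrete, here is an added example (not part of the original post) that re-creates the article.php logic in Python with an in-memory SQLite table, which stands in for the MySQL/PostgreSQL database. The table contents and the function names (query_unsafe, query_safe, make_db) are my own constructed assumptions. The unsafe function pastes the id into the SQL string exactly like the PHP script, so the lone apostrophe produces a syntax error (the symptom the post uses to detect the bug) and the "order by 1" input is executed as SQL; the safe function binds the id as a parameter, so the same inputs are treated as plain data and simply match no row.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the 'articles' table used in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [(1, "First article"), (2, "Second article")],
    )
    return conn


def query_unsafe(conn, article_id):
    """Mirrors the PHP script: the raw id is concatenated into the SQL text.

    Returns ("ok", [titles]) when the database accepts the statement, or
    ("error", message) when the injected input breaks the SQL syntax.
    """
    sql = "SELECT title FROM articles WHERE id='%s'" % article_id
    try:
        rows = conn.execute(sql).fetchall()
        return "ok", [title for (title,) in rows]
    except sqlite3.Error as exc:
        return "error", str(exc)


def query_safe(conn, article_id):
    """Hardened form: the id is bound as a parameter, so it can never become SQL."""
    sql = "SELECT title FROM articles WHERE id=?"
    rows = conn.execute(sql, (article_id,)).fetchall()
    return "ok", [title for (title,) in rows]


if __name__ == "__main__":
    db = make_db()
    # The three inputs from the post: a normal id, the apostrophe probe,
    # and the "order by 1" statement appended after the apostrophe.
    for value in ["1", "1'", "1' order by 1 -- "]:
        print(repr(value), "unsafe:", query_unsafe(db, value), "safe:", query_safe(db, value))
```

In the unsafe version the apostrophe input fails with a syntax error, and the "order by 1" input runs as part of the query; in the safe version both inputs are harmless and return an empty result, which is the behaviour you want from article.php.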
There are many tools used to exploit SQL injection, like Havij (the most used tool), and you can also use sqlmap (sqlmap gives you the best methods and techniques for exploiting SQL injection vulnerable sites).
Also, there is a simple tool developed by our team in Python for SQL injection exploitation; you can download it from here:
Download SQLI Dark
Download Havij
Download SQLMAP
For Further Information you can visit :
Support #1
Support #2