Hello Novice Hackers,
In this article I am going to tell you some basic things about SQL and also how to perform basic SQL injection.
SQL stands for Structured Query Language, and it is used for communication between an application and a database. There are some basic statements in the SQL language which you must know.
1.) SELECT statement allows us to select data from a table.
2.) INSERT INTO statement allows us to insert data into the already created table
3.) UPDATE statement allows us to update the data
4.) DELETE statement allows us to delete the data from the table
SQL also allows us to perform various operations on its tables.
SQL injection is a method of injecting SQL queries into a website, by which we can bypass the authentication and steal some sensitive information.
Queries are the statements which are used to perform some action on a database.
Examples are:
Suppose there is a table, say students, and it has 4 columns: Name, Age, Marks, Date of Birth.
Whenever you type your username and password into a website, a query will be executed on a table, which will look like SELECT * from table where username="value" and password="value". If the username and password are correct then the user will be able to log in, else it will show "Invalid Password".
Find a dynamic page which has something like www.website.com/page.php?username=abc. Everything after '?' will be used by CGI scripts which reside on the server; they will create a dynamic web page and return it to the client.
Append ' to check if the website shows any signs of error: www.website.com/page.php?username=abc'. After executing this statement the website must show some signs of error.
Append --+ to comment out the rest of the query so that only our query will get executed.
Now we first have to know how many columns there are and what their names are. In order to know the number of columns, use "order by".
If the page has at least one column then it will not show the error and will work fine. This is a hit and trial method and you have to keep on increasing the number. Suppose you are at the number 9.
Now suppose you get an error message at number 9; from this we can make out that it has 8 columns.
If the page returns an error at, say, n, then it means that there are n-1 columns.
However, not all 8 columns will be vulnerable, so in order to get the vulnerable columns use the keyword "union select".
www.website.com/page.php?username=abc+union+select+1,2,3,4,5,6,7,8 [If there are 8 columns].
Now you must see some numbers on the web page; those are the vulnerable columns.
After that we have to get the name of the database.
[Assuming that column 1 is visible].
Now instead of displaying 1 the webpage will display the name of the database.
Now get the names of the tables.
"www.website.com/page.php?username=abc+union+select+table_name,2,3,4,5 from information_schema.tables where table_schema='xyz'--+"
where xyz is the name of the database.
information_schema stores all the information about the database. It contains the names of tables under table_name and of columns under column_name.
Once you execute the above query you will get the names of the tables which are there in the database. Select the table from which you want to get the information.
"www.website.com/page.php?username=abc+union+select+column_name,2,3,4,5 from information_schema.columns where table_schema='xyz' and table_name='users'--+"
[Suppose users is the name of the table from which we want to get the data].
Now get the data, as you will know all the tables and columns which are there in the database.
"www.website.com/page.php?username=abc+union+select+username,2,3,4,5 from xyz.user--+".
Where xyz is the name of the database, user is the table name and username is the name of the column in the user table from which you want to steal the data.
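Why the quote test and the comment marker described above have any effect, and what stops them, as an added example that is not part of the original article. It rebuilds the login query from earlier against a constructed in-memory SQLite table; the table contents and the function names make_db, login_concat and login_param are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table standing in for a site's login table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('abc', 's3cret')")
    return db

def login_concat(db, username, password):
    # Vulnerable pattern: the input is pasted into the SQL text, so a quote in
    # the input closes the string literal and what follows is parsed as SQL.
    sql = ("SELECT * FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return "sql error"   # the "signs of error" a stray quote produces
    return "logged in" if row else "denied"

def login_param(db, username, password):
    # Fix: placeholders pass the values separately from the SQL text, so
    # quotes and comment markers are only ever compared as plain data.
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    row = db.execute(sql, (username, password)).fetchone()
    return "logged in" if row else "denied"

if __name__ == "__main__":
    db = make_db()
    cases = [("abc", "s3cret"), ("abc", "wrong"),
             ("abc'", "wrong"),       # trailing quote
             ("abc' -- ", "wrong")]   # quote plus comment marker
    for user, pw in cases:
        print(repr(user), "| concat:", login_concat(db, user, pw),
              "| param:", login_param(db, user, pw))
```

With the concatenated query the trailing quote breaks the statement and the comment marker removes the password check; with placeholders both inputs are simply a username that does not exist.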
This guide is only for information purposes and I do not encourage any type of criminal activity conducted using this guide. I would not hold any responsibility if any criminal activity is attempted using the tutorial.
Do tell me how the guide was, and if you know any other method of SQL injection then tell me by commenting below. Don't hesitate to ask any doubt regarding the guide.