In this tutorial we will be covering exploiting a URL with an SQL injection. After you find a host using a Google dork or by having a target in mind, we can see if it is vulnerable by trying a simple injection and looking for an error.

    site/index.php?id=5 ORDER BY 1--

The text in bold (here, ORDER BY 1--) is the text that was added to make an SQL injection. If you get some sort of SQL error in the web page, or if some content disappears or something like that, the page is vulnerable to being attacked.

Now we need to find out how many columns are in the table. To do this we will just keep increasing the number in ORDER BY until we get an error. If we get an error on ORDER BY 7--, we know there is no 7th column.

    site/index.php?id=5 ORDER BY 1-- [No Error!]
    site/index.php?id=5 ORDER BY 2-- [No Error!]
    site/index.php?id=5 ORDER BY 3-- [No Error!]
    site/index.php?id=5 ORDER BY 4-- [No Error!]
    site/index.php?id=5 ORDER BY 5-- [No Error!]
    site/index.php?id=5 ORDER BY 6-- [No Error!]
    site/index.php?id=5 ORDER BY 7-- [Browser displayed error]

We know there are 6 columns, so let's use a command called UNION SELECT to find the vulnerable columns.

    site/index.php?id=5 UNION SELECT 1,2,3,4,5,6--

Look on the page for misplaced numbers. If you are having issues finding the numbers, try changing the id (or whatever the GET variable is) to -1. IDs are rarely negative, so this will clear the content except for our injection data. The numbers you get are the vulnerable columns. We are going to use those numbers to farm information about the server, and get information out of the tables. For the example we are going to assume that the second column is vulnerable.
Posted on: Sun, 16 Mar 2014 20:36:03 +0000
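
Seen from the defender's side, the probe sequence described above (stepping ORDER BY indexes, then a numeric UNION SELECT) leaves a recognizable trail in web server logs. The following is an added example, not part of the original post: detection logic in Python run over constructed log lines, where the client addresses, paths and function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (client IP, request target); not real traffic.
SAMPLE_LOG = [
    ("203.0.113.7", "/index.php?id=5"),
    ("203.0.113.7", "/index.php?id=5%20ORDER%20BY%201--"),
    ("203.0.113.7", "/index.php?id=5+order+by+2--"),
    ("203.0.113.7", "/index.php?id=5%20ORDER%20BY%207--"),
    ("203.0.113.7", "/index.php?id=-1%20UNION%20SELECT%201,2,3,4,5,6--"),
    ("198.51.100.20", "/index.php?id=12"),
    ("198.51.100.20", "/search.php?q=how+to+order+by+mail"),
]

# ORDER BY <n> followed by a SQL comment marker; UNION SELECT with a numeric list.
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)\s*(?:--|#|/\*)", re.I)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\s+\d+(?:\s*,\s*\d+)*", re.I)

def classify(target):
    """Return (kind, detail) findings for one request target (values are URL-decoded)."""
    findings = []
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        m = ORDER_BY.search(value)
        if m:
            findings.append(("order_by_probe", int(m.group(1))))
        m = UNION_SELECT.search(value)
        if m:
            findings.append(("union_select_probe", m.group(0).count(",") + 1))
    return findings

def summarize(log):
    """Group findings per client; flag clients that step through ORDER BY indexes."""
    per_client = defaultdict(lambda: {"order_by": set(), "union_cols": set()})
    for client, target in log:
        for kind, detail in classify(target):
            key = "order_by" if kind == "order_by_probe" else "union_cols"
            per_client[client][key].add(detail)
    report = {}
    for client, seen in per_client.items():
        report[client] = {
            "order_by_indexes": sorted(seen["order_by"]),
            "union_column_counts": sorted(seen["union_cols"]),
            # two or more distinct indexes means someone is counting columns
            "column_enumeration": len(seen["order_by"]) >= 2,
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A client flagged with `column_enumeration` followed by a `union_column_counts` entry is a strong signal that the parameter should be checked for string-built SQL and moved to parameterized queries.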
