15 Apr 2012

SQL Injection-Part 1




Hey all, let's move on to web hacking :D

I would like to start with SQL injection as it's personally my fav attack :D

I would be writing a whole series on SQL injection -_-


What is SQL Injection?


According to OWASP, SQL injection is the most common technique used by hackers to deface a website. SQL injection is a technique in which the hacker inserts SQL code into a web form to get sensitive information (user names, passwords and databases too).


Things You Must Know



Database: In simple words, a database is a collection of data.
Examples: MSSQL, MS-ACCESS, Oracle

SQL: Structured Query Language. In order to communicate with the database, we use SQL queries. A query is a set of instructions sent to the database. It tells the database to find some information from a table or elsewhere in the database.


SQL injection: SQL injection is a hacking technique. To be precise, it is a technique to access the database of the website without authorization.


How Websites Work?



When we enter our login name and password, the program searches its database for accounts where the username and password correspond to the ones entered by the user.


The SQL query looks like this:
SELECT * FROM users
WHERE login_name = '$_GET[login_name]'
AND password = '$_GET[password]'

This query tells the database to find rows in the users table where the values in the login name and password columns equal the values entered by the user. Let us say the login name is "admin" and the password is "password".

Now the query becomes
SELECT * FROM users
WHERE login_name = 'admin'
AND password = 'password'

Bypassing Authentication

Finding A Vulnerable Website

First we need to find a vulnerable website. We can take the help of Google for this. There are many Google dorks to find SQLi-vulnerable websites.

Example :
Inurl:admin login.asp
Inurl:login.asp etc
Go to Google and type the dork. You will see a number of websites. Select any of them. You can test the vulnerability by simply adding a single quote at the end of the URL. If it returns an error or a blank page, it is vulnerable to SQL injection.


Injecting Strings

Now we are going to log in to the admin's account without knowing his password.
1. Use a known username or admin to write into the Login Name field.
2. Enter the string ' or 1=1 -- into the password box.
3. Click the "submit" button.

Now your query will become
SELECT * FROM users
WHERE login_name = 'admin'
AND password = '' or 1=1 -- '
The database will find every single row in the table, because no matter what the values in the row are, '1' will always equal '1', and the -- turns the rest of the line into a comment. The result is that the website grants access even though the password was incorrect. So you will be logged in.
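
Added example (not part of the original post): the login query above built by pasting input into the SQL text, next to the same query with placeholders, run against an in-memory SQLite table. The table, the account and the function names are constructed for illustration; the password is kept in plain text only to mirror the post's query.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login_name TEXT, password TEXT)")
    # Constructed sample row; a real application stores a password hash.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, login_name, password):
    """The pattern from the post: user input becomes part of the SQL text."""
    query = ("SELECT * FROM users WHERE login_name = '" + login_name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, login_name, password):
    """Hardened form: placeholders keep the input as data, never as SQL."""
    query = "SELECT * FROM users WHERE login_name = ? AND password = ?"
    return db.execute(query, (login_name, password)).fetchone() is not None

def raises_sql_error(fn, db, value):
    """True if the value breaks the statement's syntax (the single-quote test)."""
    try:
        fn(db, "admin", value)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    injected = "' or 1=1 --"  # the string from step 2 above
    for label, fn in (("vulnerable", login_vulnerable),
                      ("parameterized", login_parameterized)):
        print(label)
        print("  correct password ->", fn(db, "admin", "s3cret-constructed"))
        print("  wrong password   ->", fn(db, "admin", "wrong"))
        print("  injected string  ->", fn(db, "admin", injected))
        print("  lone quote error ->", raises_sql_error(fn, db, "'"))
```

With placeholders the injected string is compared as a literal password and the lone quote no longer causes a syntax error, so neither the bypass nor the error-based test works.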

Demonstration

For the purpose of the tutorial I have selected www.xxx.com, which is vulnerable to SQL injection.



Now open the login page of the website.


Now put your SQL string in both the user name and password fields and click submit. That's it. You will be logged in. There are many SQL strings available; you can google them or you can craft your own strings.


This tutorial was just for basic info of SQL injection :)


