Basic Guide to simple SQL Injection
What is SQL?
SQL stands for Structured Query Language
It is used to create and query databases that store data on servers.
Common uses are:
User tables
Price lists
Sensitive data lists
What is SQL Injection?
SQL Injection forces the server to output data (e.g. user password hashes) from the database. To inject, you first find a page which is "vulnerable".
How do I know if a page is "vulnerable"?
The first test is to test input fields with code which could confuse the server.
Some examples are:
hi' OR 1=1--
hi' or 1=1--
hi" OR 1=1--
hi" or 1=1--
' OR 1=1--
" OR 1=1--
' or 1=1--
" or 1=1--
There are hundreds more; search Google to see them.
Right, now there should be an output.
It normally comes in the format:
MySQL Query Error: SELECT * FROM (table name) WHERE (field type) = '' AND (field type) = ''
Now you have your target page but you need to learn what the error means before you can proceed.
So here goes
MySQL Query Error: SELECT * FROM (table name) WHERE (field type) = '' AND (field type) = ''
SELECT --> Select/choose/find
* --> means all in computing
FROM (table name) --> from the table it found
WHERE --> only select rows where certain criteria are met
So in layman's terms
Find all instances from a table where your output is true
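Why a test string such as ' OR 1=1-- changes the meaning of that query, and how a parameterized query stops it, shown as an added example that is not part of the original guide. It assumes a hypothetical users table and uses Python's sqlite3 module as a stand-in for the MySQL server described here; the table, column and function names are made up for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database (assumption: sqlite3
    # stands in for MySQL; table and column names are hypothetical).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def login_vulnerable(db, username, password_hash):
    # The input is pasted into the SQL text, so a quote in it ends the string
    # literal and whatever follows is parsed as SQL.
    query = ("SELECT * FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return query, db.execute(query).fetchall()

def login_parameterized(db, username, password_hash):
    # Placeholders keep the input as data; it is never parsed as SQL.
    query = "SELECT * FROM users WHERE username = ? AND password_hash = ?"
    return query, db.execute(query, (username, password_hash)).fetchall()

def demo():
    db = make_db()
    payload = "' OR 1=1--"  # one of the test strings listed in this guide
    results = {}
    for name, fn in (("vulnerable", login_vulnerable),
                     ("parameterized", login_parameterized)):
        query, rows = fn(db, payload, "")
        results[name] = rows
        print(f"{name}: {query!r} -> {len(rows)} row(s)")
    return results

if __name__ == "__main__":
    demo()
```

In the vulnerable version the WHERE clause becomes username = '' OR 1=1 and the rest of the line is commented out, so every row matches; the parameterized version compares the whole string against the username column and matches nothing. Returning the raw query error to the browser, as in the error format shown above, also discloses the query structure, so such errors belong in server-side logs only.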
Now what?
Now that you have your vulnerable page, you need to exploit the area where you can enter SQL queries.
The most common one you will need will be
SELECT * FROM (table)
That outputs the whole table.
However there are other things you can do like destroying the table or adding users with specific abilities.
Found this interesting?
Here are some other links you might enjoy for extra research:
http://www.w3schools.com/sql/sql_intro.asp
http://www.securiteam.com/securityreviews/5DP0N1P76E.html