Posts

Showing posts from April, 2018

Sql Ninja Death row SQL injection (http://leettime.net/sqlninja.com)

What is death row SQL injection? Normally a table has many rows, so if we execute the usual SQL query ("select * from table") we get all the records from that table. If a website has a SQL injection vulnerability, an attacker can also get all the records from the database. A clever programmer uses the LIMIT keyword to hide unwanted rows from an attacker. Let's assume the programmer uses LIMIT 1 in his query: the attacker can then see only 1 row of output at a time, which reduces the impact of the attack. So we call the hidden rows death rows.

Death row SQL injection challenges from http://leettime.net/sqlninja.com

Challenge 1: if we put a single quote at the end of the URL we will get an error. The image below shows that. When we try to exploit a SQL injection, our first step should be to fix the query. If we use "-- -" at the end of the URL, we can fix the query. Then we have to find the respective table's columns by using the "ORDER BY" command. i

SQL NINJA CTF SOLUTIONS FOR BASIC INJECTION CATEGORY

This CTF is based on SQL injection. If we want to exploit SQL injection we have to follow one rule: we must balance the query. If we successfully balance the query, we can easily exploit the SQL injection.

Challenge 1: When I put a single quote at the end of the URL I get the output below. From this output, we can say that it is an SQL error. The actual error is that there is an extra single quote ( ''1''' ), so we have to balance it. To balance it we must add OR’1’=’1 at the end of the URL. After attaching it, the query will be modified like this: a’or’1’=’1 ’ . The last quote is added by the system.

Challenge 2: In this challenge, if we put a single quote we get the error below. Our input goes directly within double quotes, so this query does not need any special character for query balancing purposes; hence we can directly insert our malicious(

SQL INJECTION UNION BASED (BEGINNER LEVEL)

SQL injection is a kind of code injection. We can compromise our victim database by exploiting SQL injection.

How to find a SQL injection vulnerability on a website? There are lots of tools on the internet, and we can also use Google dorks to find SQL injection vulnerabilities. Google dork examples: inurl:php?id= (this is a common search), inurl:php?id= facebook (this is for a specific domain or related thing). NOTE: THIS SEARCH RESULT IS NOT 100% ACCURATE.

How to check for the SQL injection vulnerability? Just put a single quote in the targeted URL. If you then get an SQL-related error on your victim website, you can confirm your assumption. The image below shows an error message.

How to exploit? First, we have to find the total number of columns in the vulnerable table, so I used an ORDER BY statement at the end of the URL. NOTE: I ALREADY KNOW THE ACTUAL NUMBER OF COLUMNS, THAT'S WHY I USED 5 HERE. IF YOU USE AN INVALID COLUMN NUMBER YOU WILL G

SQL INJECTION

SQL injection is a command-type injection attack method. We can gain access to the victim database by using malicious SQL scripts. It has three main types of attacks. Those are:

In-band SQLi (classic SQLi): this is the most common and easily exploitable method. The command types of in-band attack are error and union.

Error based: it relies on error messages thrown by the database server to obtain information about the structure of the database.

Union based: it combines the results of two or more SELECT statements into a single result.

Inferential SQLi (blind SQLi): unlike in-band SQLi, it may take longer for an attacker to exploit; however, it is just as dangerous as any other form of SQL injection. An attacker is able to reconstruct the database structure by sending payloads and observing the web application’s response and the resulting behavior of the database server.

Boolean-based (content-based) blind SQLi: that relies on sending an SQL query to the d