SQL INJECTION UNION BASED (BEGINNER LEVEL)

-
SQL injection is kind of code injection. we can compromise our victim database by exploiting SQL injection.

How to find SQL injection vulnerability on a website?
there are lots of tools on the internet and also we can use google dorks to find SQL injection vulnerability.
google dork examples

  • inurl:php?id= (this is common search)
  • inurl:php?id=  facebook (this is specific domain or related thing )


NOTE: THIS SEARCH RESULT IS NOT 100 ACCURACY 

How to check the SQL injection vulnerability?
just put a single quote in the targeted URL. after putting single quotes in the URL. if you get an SQL related error on your victim website, then you can confirm your assumption. the below image shows an error message.

How to exploit?
first, we have to find the vulnerable table total columns number. so I used ORDER BY statement at the end of the url.
NOTE: I ALREADY KNOW THE ACTUAL NUMBER OF COLUMN THAT'S WHY I USED 5 HERE. IF YOU USE INVALID COLUMN NUMBER YOU WILL GET ERROR ON THIS PAGE.

 after finding the total number of columns we have to find the vulnerable columns from that. so we can use "union+all+select" statement and find vulnerable columns.
NOTE: I had found 2 and 3 as the vulnerable column in my example.

 then we have to check identified vulnerable columns are working or not. so I use @@version command to check the column.
the vulnerable column display the sql version information so we can make sure the command status.

NOTE: WE SHOULD WRITE THE COMMAND WITHIN VULNERABLE COLUMN ONLY OTHERWISE IT IS NOT WORKING.
now we have to find all table from our victim so im going to use "group_concat(table_name),5,6+from+information_schema.tables+where+table_schema=database()" this command and find the table names from our victim.

now, we need column names from respective tables. so i use this command "UNION+SELECT+1,2,3,group_concat(column_name),5,6+from+information_schema.columns+where+table_name=char(10,10,10,10)"
NOTE: WE SHOULD CHANGE THE TABLE NAME TO CHAR CHARACTORS
likewise, we can get the data as well
"UNION+SELECT+1,2,3,group_concat(aaa,bb),5,6+from+TABLENAME"

Comments

Post a Comment

Popular posts from this blog

Install android studio on the parrot os

-
Image
parrot OS is based on Linux environment so we have to download Linux version of android studio. if you want Linux version android studio just click here . after the download is completed you will get the zip file of the android studio. so you need to unzip it first. then you can see several files within the unzipped folder. figure 1 represents the sample output. Figure 1 then go to bin folder which is stored in the unzipped folder. after opening the bin folder, you can see studio.sh shell script. if you execute that, the android studio will be running on your PC's.  Note:- you have to give execute permission to studio.sh for the current user before you execute studio.sh script. (sudo chmod u+x studio.sh) Figure 2 but we will be doing like this. it's annoying, so now we are going to the terminal command that is helped to us to access android studio by using terminal commands.  move your unzipped file to "/root" from Downloads. then go to "/usr
Read more

How to do simple brute force attack with burp suite

-
Image
What is brute force attack? brute force is a kind of password based attack. normally attacker checks each and every possible combination until reaching the expected output. so an attacker should check the huge amount of data but the normal human cannot do this kind of things. that's why we must move on some predefine tools to do this kind of attacks. work through this is the sample login page. we are going to attack this page and get the login credentials.(note: this is a basic login form it does not have any prevention mechanism for brute force attack.) let's try any value on this form and capture the data packet for analyzing. after analyzed we can say these data packets have username and password, which we entered previously. so we have to forward this data packet to intruder tab (right click and select intruder option). now  go to the intruder and mark the target variables which are carrying username and password. The below figure shows that. Note:
Read more

PoC video of How to Hack Gmail and Bitcoin Wallet using SS7 flaw

-
Image
A long time ago we published a report about how someone can hack WhatsApp with the SS7 by default. The standard SS7 exists for eons now with corrections, but GSM and telecom companies do not bother or trouble to repair their infrastructure against the standard. Now a Cyber ​​Security Company called Positive Technologies has released a video detail as anyone in any Gmail account can hack with a name and a phone number with the standard SS7. After the abduction of the Gmail account of the victim, the investigators then tried to steal a Bitcoin wallet with the same SS7 defect. Positive researchers sent their video to Thomas Fox-Brewster, an investigating reporter for Forbes, as well as details about hacking. What is the SS7 error? The vulnerability is found in the signaling system 7 or SS7, the technology used by telecommunication operators where the high-security message system and telephone calls depend. SS7 is a set of telephone signaling protocols developed in 1975 that make i
Read more