Thursday 30 August 2012

SQL Injection Tutorial - Part 1


According to OWASP, SQL injection is the most common technique used by hackers to deface a website. SQL injection is a technique in which the hacker inserts SQL code into a web form to get sensitive information (user names, passwords). In the following series Mr srinvas will explain the various types of SQL injection.


Things You Should Know
Database: In simple words, a database is a collection of data.
Examples: MSSQL, MS-ACCESS, Oracle

SQL: Structured Query Language. In order to communicate with the database, we use SQL queries. A query is a set of instructions sent to the database. It tells the database to find some information in a table or elsewhere in the database.


SQL injection: SQL injection is a hacking technique. To be precise, it is a technique to access the database of a website without authorization.

How Do Websites Work?
When we enter our login name and password, the program searches its database for an account whose username and password match the ones entered by the user.

The SQL query looks like this:
SELECT * FROM users
WHERE Login Name = '$_GET['Login Name']'
AND password = '$_GET['password']'

This query tells the database to find rows in the users table where the values in the user name and password columns equal the values entered by the user. Let us say the login name is "admin" and the password is "password".

Now the query becomes:
SELECT * FROM users
WHERE Login Name = 'admin'
AND password = 'password'


Bypassing Authentication
Finding A Vulnerable Website
First we need to find a vulnerable website. We can take the help of Google for this. There are many Google dorks to find SQLi-vulnerable websites.

Example:
inurl:admin login.asp
inurl:login.asp etc.
Go to Google and type the dork. You will see a number of websites. Select any of them. You can test for the vulnerability by simply adding a single quote at the end of the URL. If it returns an error or a blank page, it is vulnerable to SQL injection: the quote reached the database query unescaped and broke its syntax.


Injecting Strings
Now we are going to log in to the admin's account without knowing his password.
1. Enter a known username, or admin, into the Login Name field.
2. Enter the string  ' or 1=1 --  into the password box.
3. Click the "submit" button.

Now your query will become:
SELECT * FROM users
WHERE Login Name = 'admin'
AND password = '' or 1=1 -- '
The single quote closes the password string, "or 1=1" makes the WHERE condition true for every row, and "--" turns the rest of the line into a comment. The database therefore finds every single row in the table, because no matter what the values in the row are, 1 will always equal 1. The result is that the website grants access even though the password was incorrect, so you will be logged in.
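The vulnerable query above beside its parameterized fix, as an added example that is not from the original post. It uses an in-memory SQLite table with constructed sample users and the column name login_name in place of the tutorial's "Login Name"; passwords are stored in plaintext only to mirror the tutorial's query.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for the tutorial's users table.
    # A real system stores password hashes, not plaintext passwords.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login_name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret'), ('bob', 'hunter2')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, login_name: str, password: str) -> bool:
    # The tutorial's query built by string concatenation: the user's input
    # becomes part of the SQL text, so a quote in it changes the query.
    sql = ("SELECT * FROM users WHERE login_name = '" + login_name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, login_name: str, password: str) -> bool:
    # Hardened form: placeholders keep the input as data, never as SQL syntax,
    # so ' or 1=1 -- is compared literally against the password column.
    sql = "SELECT * FROM users WHERE login_name = ? AND password = ?"
    return conn.execute(sql, (login_name, password)).fetchone() is not None


def demo() -> dict:
    # Runs both login functions with the real password and with the
    # tutorial's password string; the vulnerable one lets the payload in.
    conn = make_db()
    payload = "' or 1=1 -- "
    return {
        "vuln_correct": login_vulnerable(conn, "admin", "s3cret"),
        "vuln_bypass": login_vulnerable(conn, "admin", payload),
        "param_correct": login_parameterized(conn, "admin", "s3cret"),
        "param_bypass": login_parameterized(conn, "admin", payload),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```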


Demonstration
Legal Disclaimer:
This demonstration is only meant to make people aware of SQL injection on websites, not to encourage people to hack into websites. I will not be held responsible if you do anything illegal.

For the purpose of the tutorial I have selected www.XYZ.com, which is vulnerable to SQL injection.



Now open the login page of the website.


Now put your SQL string in both the user name and password fields and click submit. That's it. You will be logged in. There are many SQL strings available; you can Google them or craft your own.


Hope you enjoyed the tutorial. Please post your comments for further doubts and clarifications.
