If you dont know about SQL injecton use my previous articles on sql injection and sql injection article . In SQL Injection hackers test for SQL injection vulnerabilities by sending the application input that would cause the server to generate an invalid SQL query. If the server then returns an error message to the client, the attacker will attempt to reverse-engineer portions of the original SQL query using information gained from these error messages.
If your application does not return error messages, it may still be susceptible to “blind” SQL injection attacks.
Detecting Blind SQL Injection Vulnerability
Web applications use SQL queries with client-supplied input in the WHERE clause to retrieve data from a database. By adding additional conditions to the SQL statement and evaluating the web application’s output, you can determine whether or not the application is vulnerable to SQL injection.
suppose a URL.
www.mywebsite.com/products.php?id=5
suppose this is a url of a website showing the product details of having id=5 in database. Just check by using this.
www.mywebsite.com/products.php?id=5 AND 1=1
If you are able to see the same page it means this website is vulnerable. May be it will not show database errors on the webpage but it is not checking for user input properly, so it is showing the same page by adding AND 1=1.
A secure application would reject this request because it would treat the user’s input as a value, and the value “5 AND 1=1” would cause a type mismatch error. The server would not display a press release.
Now you can inject more queries to user input to exploit database...
www.mywebsite.com/products.php?id=5 and substring(@@version,1,1)=4
if this query will return true it means mysql version 4 if not then try with different no.
www.mywebsite.com/products.php?id=5 and and (SELECT 1 from admin limit 0,1)=1
here i guessed the table name admin. If the page loads true it means table exists..
try with this kind of other queries.
=)
If your application does not return error messages, it may still be susceptible to “blind” SQL injection attacks.
Detecting Blind SQL Injection Vulnerability
Web applications use SQL queries with client-supplied input in the WHERE clause to retrieve data from a database. By adding additional conditions to the SQL statement and evaluating the web application’s output, you can determine whether or not the application is vulnerable to SQL injection.
suppose a URL.
www.mywebsite.com/products.php?id=5
suppose this is a url of a website showing the product details of having id=5 in database. Just check by using this.
www.mywebsite.com/products.php?id=5 AND 1=1
If you are able to see the same page it means this website is vulnerable. May be it will not show database errors on the webpage but it is not checking for user input properly, so it is showing the same page by adding AND 1=1.
A secure application would reject this request because it would treat the user’s input as a value, and the value “5 AND 1=1” would cause a type mismatch error. The server would not display a press release.
Now you can inject more queries to user input to exploit database...
www.mywebsite.com/products.php?id=5 and substring(@@version,1,1)=4
if this query will return true it means mysql version 4 if not then try with different no.
www.mywebsite.com/products.php?id=5 and and (SELECT 1 from admin limit 0,1)=1
here i guessed the table name admin. If the page loads true it means table exists..
try with this kind of other queries.
=)
0 comments:
Post a Comment