How does it work?
Basically, a SQL injection vulnerability arises when code fails to properly filter the user input it places into SQL queries; by not filtering out escape characters and SQL syntax, attackers can remotely execute their own SQL statements and get the results back.
ERROR BASED SQLI:
The first thing you will do is try a couple of tests, such as inserting a single quote ' or a double quote ". If the database returns an error, you will realize that the server has an error-based SQLi vulnerability, so the next step is to execute statements such as ORDER BY to see how many columns the query returns.
This will return an error saying something like Unknown Column '7'.
This tells you that there is no column 7, which is useful because we can then use
to inject code into that column and get back results. This is a basic procedure to follow, but it only works for error-based SQLi.
BLIND BASED SQLI:
When you come across an SQLi vulnerability that does not return an error, it might be blind SQLi; in this case it's best to use automated tools such as.
Why is it Dangerous?
SQL injection is dangerous because attackers can maliciously drop all the database entries and destroy the database, remotely access its contents, or upload a backdoor. Attackers are after information: this could be credit card numbers, social security numbers, emails, or passwords.
Tests to see if the server is vulnerable
Check how many valid Columns there are.
http://192.168.20.131/bWAPP/sqli_1.php?title=1'order by 1,2,3,4,5,6,7-- -&action=search
Checks the version of the MySQL database
Retrieves the password from the user table
A Useful Tool
A useful tool for website hacking is HackBar.
It only works for Firefox.
$var = $_POST['var'];
// Vulnerable: $var is pasted straight into the SQL text, so any quote or SQL syntax in it becomes part of the query.
mysql_query("SELECT * FROM sometable WHERE id = $var");
How to deal with it.
Ways to avoid SQLI.
- Parameterized statements.
- Use stored procedures.
- Escaping all user-supplied input.
Do not use vulnerable PHP functions.
$var = mysql_real_escape_string($_POST['var']);
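To make the difference between the vulnerable query above and a parameterized statement concrete, here is an added example (not code from the original post) in Python using an in-memory SQLite table that stands in for "sometable". It runs the page's single-quote and ORDER BY tests through both code paths: the string-built query breaks, while the parameterized one treats the same input as plain data.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the post's 'sometable'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sometable (id INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO sometable VALUES (?, ?)",
        [(1, "Iron Man"), (2, "The Matrix")],
    )
    return conn


def vulnerable_lookup(conn, var):
    """Mirrors mysql_query("SELECT * FROM sometable WHERE id = $var"):
    the user value is spliced into the SQL text itself."""
    sql = f"SELECT id, title FROM sometable WHERE id = {var}"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, var):
    """Parameterized statement: the SQL text is fixed and the value is
    bound separately, so quotes or keywords in it never reach the parser."""
    return conn.execute(
        "SELECT id, title FROM sometable WHERE id = ?", (var,)
    ).fetchall()


def probe(fn, conn, var):
    """Return ('ok', rows) or ('error', message) so both paths can be compared.
    A database error on a quote is exactly the signal the post describes."""
    try:
        return ("ok", fn(conn, var))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'", "1 order by 7"):
        print(repr(value), "vulnerable:", probe(vulnerable_lookup, db, value))
        print(repr(value), "safe:      ", probe(safe_lookup, db, value))
```

The ORDER BY input errors on the string-built query because the column count is exceeded, which is the information the earlier test relies on; the parameterized query simply returns no rows.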
PHP comes with many built-in functions, such as
Some of these functions are flawed and will become obsolete.