SQL Injection  - SQL Injection - How to Perform Manual SQL Injection With Integer Based Method

Today we will SQL with integer based method for the MySQL database. I hope the last article on error based string injection is useful to everyone, especially for beginners.Now I will quickly drive into yet another writing for SQL injection with the integer based method.

SQL Injection ONLINE LAB:

  • Beginners can use this website to practice skills for SQL injection
  • To Access the LAB Click Here

STEP 1: Breaking the Query

  • Visting the website testphp.vulnweb.com/artists.php?artist=1 
  • let us add & check single quote to existing URL to check whether the website is vulnerable to SQL Injection by adding testphp.vulnweb.com/artists.php?artist=1′

- Screenshot 488 - How to Perform Manual SQL Injection With Integer Based Method

  • Here we are trying to break query to receive error messages with the database so that we can balance the query.
  • But we are not getting error statements with respect to our input, which single quote as input.
  • Now I understand that when the input string is not getting an error with the database, let me try to fix without a single quote.

- Screenshot 486 - How to Perform Manual SQL Injection With Integer Based Method

  • Above figure shows that website is getting fixed & we have joined the query with no errors with integer method.So this is called as SQL Injection With Integer Based Method.

STEP 2: Finding the Backend Columns

  • It is time to have a conversation with the database to find the number of columns.To enumerate columns we can use order by .
  • Let me ask database with any number so that I can check that columns availability in the database.

SQL injection  - qwe - How to Perform Manual SQL Injection With Integer Based Method

  • Above figure, I have asked for 4 columns, but it throws an error.
  • Keep asking database, let me ask for 3 columns !!!

SQL injection  - 2 - How to Perform Manual SQL Injection With Integer Based Method

  • Above Figure shows no SQL errors, Yes! we have only 3 columns

STEP 3: Finding the Backend Table & Table Names

  • Let us ask database its table path with the command union all select 

SQL injection  - Screenshot 465 - How to Perform Manual SQL Injection With Integer Based Method

  • Above figure shows the of union all select gives the path of tables.2 & 3 the tables path.

SQL injection  - Screenshot 469 - How to Perform Manual SQL Injection With Integer Based Method

  • Above figure shows the execution of database() & version() on the path of tables 2 & 3 provides us the database name and version.
  • So here database name is acuart and version is 5.1.73-0ubuntu0.10.04.1

STEP 4: Dumping Database Tables

  • _concat() is the function returns a string with the concatenated non-NULL value from a .
  • So we can use this Function to list all Tables from the database.
  • In Addition, we can use Information_Schema to view metadata about the objects within a database

SQL injection  - Screenshot 471 - How to Perform Manual SQL Injection With Integer Based Method

- Screenshot 473 - How to Perform Manual SQL Injection With Integer Based Method

  • The Above Figure shows the dump of all tables as carts,categ,featured,guestbook,pictures,products,users

STEP 5: Dumping all Data in Columns of Tables

  • Here I will dump for users in table

SQL injection  - Screenshot 475 - How to Perform Manual SQL Injection With Integer Based Method

- Screenshot 477 - How to Perform Manual SQL Injection With Integer Based Method

  • The Above Figure shows the dump of all columns of tables contains
    uname,pass,cc,address,email,name,phone,cart.

STEP 6: Dumping all Usernames & passwords

  • Here we can dump all usernames & passwords in the database.

- Screenshot 479 - How to Perform Manual SQL Injection With Integer Based Method

- Screenshot 484 - How to Perform Manual SQL Injection With Integer Based Method

  • Here we got the username as test and password as test !!!!
  • practice and try to dump all columns of tables contains cc,address,email,name,phone,cart. Happy !!!



Source link
Based Blockchain Network

LEAVE A REPLY

Please enter your comment!
Please enter your name here