What is SQL Injection?SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
In simple words I must say that hacker injects certain characters in the admin authentication area and gains access as admin.
How is basic SQL injection Accomplished?Google is very helping in hacking, due to dork technique, Now you will think that what is dork?
Dork: A search enquiry to find a website specific to an attack type etc.
A few dorks are below, which are used to find, vulnerable site:
"inurl:admin.asp"(Note: I am not giving all dorks, due to the fact that i might go illegal, You may be just learning but we can't trust everyone.)
These dorks are pasted in the search bar of google.com. and then searched to find the website.
After finding the required target, injection is accomplished, like in the login fields of admin, as password following injections are inserted:
' or '1'='1(Google to get more, It would be illegal if i post here all.)
' or 'x'='x
In simple words:
Username : Admin
Password : 'or'1'='1
Hit login and you are in, All the sites are not vulnerable and this is just for learning purpose, WiredHacks is not responsible for any harm or damage caused.
That was just a simple tutorial to give you basic information of SQL injection. There are more advanced techniques too. But some other day i will discuss.
How to check that your website is vulnerable?Well, After reading the basics above you might have got the concept of SQL injection. But many tools are also available to scan your website or server for such errors in database, Note, When error occurs it means that website is vulnerable.
Here is an online scanner:
http://webhosting.blackoutaio.com/~sqli/For example, If you want to scan, www.website-yasar.com then put this in scanner bar:
inurl:php?=id+site:website-yasar.comIf you get:
http://www.website-yasar.com/product.php?id='3 <== Success
Then it means that website is vulnerable and can be exploited easily by getting the number of colums.
(Note: catid, data, num is also used in addition to id. Simply replace id with your desired value in the dork of scanner.)
Here i got screen shot of a Website with dork "data" instead of "id" vulnerable to the attack it has scanned it overall and here are results:
Here is an automated scanner, Which is for newbies, Just click scan and take rest.
Go to this link to get detailed information on how to find SQL vulnerability in website.
To get Acunetix vulnerability scanner Trial version go here.
Hope, Now you might be aware of SQL injections. Futher information will be posted later.
Tags: sql injection, website hacks