Archive for October, 2012

Introduction: SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database.

Key things that you need to know before attacking a website:

  1. The programming language used to build the website
  2. The RDBMS used by the website

These two things are important because each programming language handles SQL queries differently from the others. Also, some SQL queries are different in SQL Server, MySQL, Oracle and PostgreSQL.

Whenever you are asked to perform SQL Injections, you need to think like an outsider, like a Hacker. This will help you uncover the maximum number of loopholes. A hacker always prefers to find out about the programming language and RDBMS first.

It is very easy to find this information from a SQL Injection prone website. If you see “aspx” in the URL of the website, you will know that this website is built in ASP.NET. Otherwise, you need to type some special characters, e.g. “/” or “ ' ”, in the login box of the website; the website may throw a programming exception or a SQL exception. These exceptions are good enough to tell you what you want to know.

Example:
Software error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''''' AND password=''' at line 1 at passwd.pl line 26.

If you look at the above error, an exception is raised in the “passwd.pl” file, which means that “Perl” is the language used to build the website, and the message also reveals that the RDBMS is “MySQL”. Similar errors can be observed for PHP, ASP or other RDBMSs.

Now, since you have information about the programming language and RDBMS, you can proceed to the next step: executing the right, supported SQL queries for that combination.
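The fingerprinting described above can be turned into a check that a site owner runs over their own application's error pages or logs, to find responses that disclose the RDBMS and language before an attacker does. The following is an added example, not code from the original post; the regular expressions are assumptions about the usual wording of each engine's errors, and the sample messages are constructed, the first one being the passwd.pl error quoted above.

```python
import re

# Patterns that identify the RDBMS from a leaked error message.
# These are assumed, commonly seen phrasings, not an exhaustive list.
RDBMS_PATTERNS = {
    "MySQL": re.compile(r"You have an error in your SQL syntax|MySQL server version|\bmysqli?_\w+\(", re.I),
    "SQL Server": re.compile(r"Unclosed quotation mark|SqlException|Microsoft SQL Server", re.I),
    "Oracle": re.compile(r"\bORA-\d{5}\b"),
    "PostgreSQL": re.compile(r"PostgreSQL|PG::|ERROR:\s+syntax error at or near", re.I),
}

# Patterns that identify the server-side language from file names or stack-trace text.
LANGUAGE_PATTERNS = {
    "Perl": re.compile(r"at \S+\.pl line \d+"),
    "PHP": re.compile(r"\.php on line \d+|mysqli?_(?:query|fetch)", re.I),
    "ASP.NET": re.compile(r"\.aspx|System\.Data\.SqlClient", re.I),
    "Java": re.compile(r"java\.sql\.|\.jsp\b|\.java:\d+"),
}


def fingerprint(message: str) -> dict:
    """Return what a verbose error message discloses: the RDBMS and the
    language, or 'unknown' where the text matches no known pattern."""
    rdbms = next((n for n, p in RDBMS_PATTERNS.items() if p.search(message)), "unknown")
    language = next((n for n, p in LANGUAGE_PATTERNS.items() if p.search(message)), "unknown")
    return {"rdbms": rdbms, "language": language}


def leaks_internals(message: str) -> bool:
    """True when the message discloses either the RDBMS or the language,
    i.e. when it should have been replaced by a generic error page."""
    f = fingerprint(message)
    return f["rdbms"] != "unknown" or f["language"] != "unknown"


# Constructed sample responses; the first is the Perl/MySQL error quoted in the post.
SAMPLES = [
    "You have an error in your SQL syntax; check the manual that corresponds to your "
    "MySQL server version for the right syntax to use near '''''' AND password=''' "
    "at line 1 at passwd.pl line 26.",
    "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given "
    "in /var/www/login.php on line 42",
    "System.Data.SqlClient.SqlException: Unclosed quotation mark after the character string ''.",
    "Invalid username or password.",  # generic message: discloses nothing
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(fingerprint(s), "LEAK" if leaks_internals(s) else "ok")
```

Only the last sample passes; the others are the kind of response that should be caught in testing and replaced with a generic error while the details go to the server log.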

You can try out the above trick at this link: http://sqlzoo.net/hack/
