Manual SQL Injection Exploitation Step by Step

This article is based on our previous article where you have learned different techniques to perform SQL injection manually using dhakkan. Today we are again performing SQL injection manually on a live website “vulnweb.com” in order to reduce your stress of installing setup of dhakkan.

We are going to apply same concept and techniques as performed in Dhakkan on different the platform

Let’s begin!

http://www.hackingarticles.in/beginner-guide-sql-injection-part-1/

Open given below targeted URL in the browser

So here we are going test SQL injection for “id=1″

Now use error base technique by adding an apostrophe () symbol at the end of input which will try to break the query.

In the given screenshot you can see we have got error message which means the running site is infected by SQL injection.

Now using ORDER BY keyword to sort the records in ascending or descending order for id=1

Similarly repeating for order 2, 3 and so on one by one

From screenshot you can see we have got error at order by 4 which means it consist only three records.

Let’s penetrate more inside using union base injection to select statement from different table.

 From screenshot you can see it is show result for only one table not for others.

Now try to pass wrong input into database through URL by replacing artist=1 from artist=-1 as given below:

 Hence you can see now it is showing the result for remaining two tables also.

Use next query to fetch the name of database

From screen shot you can read the database name acuart

Next query will extract current username as well as version of database system

Here we have retrieve 5.1.73 0ubuntu0 10.04.1 as version and [email protected] as current user

Through next query we will try to fetch table name inside the database

From screenshot you  read can name of first table is artists.

From screenshot you can read name of second table is carts.

Similarly repeat the same query for another table with slight change

We got table 3: categ

We got table 4: featured

Similarly repeat same query for table 4, 5, 6, and 7 with making slight changes in LIMIT.

We got table 7: users

Since we didn’t get anything when limit is set 8, 1 hence their might be 8 tables only inside the database.

concat function is use for concatenation of two or more string into single string.

 From screen you can see through concat function we have successfully retrieve all table name inside the

database.

May be we can get some important data from users table, so let’s penetrate more inside.  Again Use concat function for table users for retrieving its entire column names.

Awesome!!  We successfully retrieve all eight column names from inside the table users.

Then I have choose only four column i.e. uname, pass,email and cc for further enumeration.

Use concat function for selecting uname from table users by executing following query through URL

 From screenshot you can read uname: test

Use concat function for selecting pass from table users by executing following query through URL

 From screenshot you can read pass: test

Use concat function for selecting cc (credit card) from table users by executing following query through URL

From screenshot you can read cc: 1234-5678-2300-9000

Use concat function for selecting email from table users by executing following query through URL

http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,group_concat(email),3 from users

From screenshot you can read email: [email protected]

 Enjoy hacking!!

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

Related Posts Plugin for WordPress, Blogger...

2 Comments Manual SQL Injection Exploitation Step by Step

  1. Stanley

    Hello admin.. please am trying to perform manual SQL on a site running on Apache 2.2 please the example here starting with “testphp” is not working on the sites URL. and please I want to know if every manual SQL must have ‘ARTISTS’ in url.

    Reply
  2. adam4adamn

    Good day I am so glad I found your web site, I really found you
    by accident, while I was searching on Google for something else, Nonetheless I am here
    now and would just like to say thank you for a incredible
    post and a all round entertaining blog (I also love the theme/design), I don’t have time to browse it all at
    the minute but I have bookmarked it and also included
    your RSS feeds, so when I have time I will be back
    to read much more, Please do keep up the excellent
    work.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *