MySQL Injection Tutorial For Beginners
Hey, what’s up guys, I’m C1PH3R, and today we’re going to learn MySQL injection for beginners. This tutorial is going to be a piece of cake, so grab your couches and start reading. 😉
– Understanding SQL Injection
– Tips & Tricks
– Searching for targets
– Testing target for vulnerability
– Finding Columns
– Getting vulnerable column
– Obtaining the version
So let’s start with our first topic…
Understanding SQL Injection
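SQL injection (SQLi) is a web hacking technique that is in the OWASP Top 10 list of attacks. It happens when a site puts user input, such as a URL parameter, straight into an SQL query, so the input can change what the query does. It exists in the majority of websites *yes, majority* and there is a 90% chance that you will find your school site vulnerable to SQLi. 😛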
Tips & Tricks
Beginners usually believe that tools developed by leets, like sqlmap, are best for penetrating, but these tools are publicly available, so most sites have secured themselves against them. Learning to do it manually also has many merits: you get a proper understanding of what is going on behind the scenes.
When I started SQLi I literally had a low-end machine running Windows XP. All you need is a PC, an Internet connection and a Firefox browser, that’s it.
And yeah, you will need a Firefox plugin called HackBar.
Searching for targets
The easiest method to find a target is by using Google dorks. If you don’t know what Google dorks are, don’t worry; I will write a separate detailed post on them. For this tutorial, just know that dorks are search queries that we use on search engines to get our required victim.
Open up google.com and search for this query: inurl:"products.php?prodID="
This will give you websites with a parameter in their URL, and that’s what we were searching for 😀
You can get a wide range of dorks on Google, but I suggest making your own dorks. Now you may be wondering how you can create your own dork; my friend, no need to worry. The next tutorial will cover all of this.
Testing target for vulnerability
This is an important part so pay attention.
Using the dorks, let’s assume that you got a site like this:
Now just add a single quote (') at the end of the URL and hit Enter, so the URL will look like this:
Now if the page shows a problem such as:
– Missing text, images, spaces or scripts from the original page.
– Any kind of typical SQL error message (fetch_array) etc.
Then the site is vulnerable. 😀
Finding total columns
To find the total number of columns we will use the ORDER BY clause. To do this, just add order by 10--+- at the end of the URL.
No error returned means the column is there; if an error is returned, the column isn’t there.
wxw.site.com/index.php?Client_id=23+order+by+1 < No Error
wxw.site.com/index.php?Client_id=23+order+by+2 < No Error
wxw.site.com/index.php?Client_id=23+order+by+3 < No Error
wxw.site.com/index.php?Client_id=23+order+by+4 < ERROR
Using the order+by+ command and incrementing the number each time until the page displays an error is the easiest method to find the number of columns. In the examples above, ordering by 4 returns an error, so column 4 doesn’t exist, and there are 3 columns.
Finding Vulnerable Column
To get the vulnerable column we will use a UNION SELECT statement. To do this, just add +Union+Select 1,2,3--+- at the end of the URL (please note that after +union+select you have to write as many numbers as the total number of columns you found, separated by commas) and add a - sign in front of the parameter value. Look at the URL closely; it will look like this:
Now when the page loads, it will show some numbers or a single number like 2 or 3 or 1, and that will be your vulnerable column, that is, a column whose value the page prints.
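Why the quote, order by and union select tests above get a reaction, and what makes all of them fail, as an added example that is not code from this tutorial: Python with an in-memory SQLite database standing in for MySQL. The clients table, its data and the function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER, name TEXT, city TEXT)")
    db.execute("INSERT INTO clients VALUES (23, 'Acme', 'Pune')")
    return db

def lookup_vulnerable(db, client_id):
    # Root cause: the raw URL parameter becomes part of the SQL text.
    sql = "SELECT id, name, city FROM clients WHERE id = " + client_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Echoing the database error is what makes the quote test visible.
        return "SQL error: %s" % exc

def lookup_hardened(db, client_id):
    # 1) Allow-list the expected shape (a short decimal integer).
    if not re.fullmatch(r"[0-9]{1,9}", client_id):
        return []  # generic empty result, no database error leaked
    # 2) Bind the value as a parameter so it is always data, never SQL syntax.
    sql = "SELECT id, name, city FROM clients WHERE id = ?"
    return db.execute(sql, (int(client_id),)).fetchall()

# URL-decoded forms of the tests in this tutorial ("+" decodes to a space).
PROBES = [
    "23",
    "23'",
    "23 order by 3",
    "23 order by 4",
    "-23 union select 1,2,3-- -",
]

def compare(db):
    # Map each probe to (vulnerable result, hardened result).
    return {p: (lookup_vulnerable(db, p), lookup_hardened(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (weak, strong) in compare(make_db()).items():
        print("%-30r vulnerable=%r hardened=%r" % (probe, weak, strong))
```

With the hardened lookup, every test string returns the same empty result, so there is no error, column count or reflected number for the page to show.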
Getting the database version
To get the database version we will use the @@version system variable in place of the vulnerable column. To do this, just replace the vulnerable column’s number with @@version.
Let’s say that the vulnerable column is 2; then our URL will look like this:
What you need to look for is a series of numbers, e.g.:
So this was the end of the tutorial. In the next tutorial we will continue with SQL injection and learn how to dump the database for both versions, e.g. version 4 and version 5.
Until then, bye and have a safe hack. 😀