
      SQL Injection


      SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.

      Look at the following example which creates a SELECT statement by adding a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):

      Example

      txtUserId = getRequestString("UserId");
      txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

      The rest of this chapter describes the potential dangers of using user input in SQL statements.
      SQL Injection Based on 1=1 is Always True

      Look at the example above again. The original purpose of the code was to create an SQL statement to select a user, with a given user id.

      If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:

      UserId: 105 OR 1=1

      Then, the SQL statement will look like this:

      SELECT * FROM Users WHERE UserId = 105 OR 1=1;

      The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.

      Does the example above look dangerous? What if the "Users" table contains names and passwords?

      The SQL statement above is much the same as this:

      SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

      A hacker might get access to all the user names and passwords in a database, by simply inserting 105 OR 1=1 into the input field.

      SQL Injection Based on ""="" is Always True

      uName = getRequestString("username");
      uPass = getRequestString("userpassword");
      sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

      Result

      SELECT * FROM Users WHERE Name ="John Doe" AND Pass ="myPass"

      A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box:

      The code at the server will create a valid SQL statement like this:

      SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

      The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.

      SQL Injection Based on Batched SQL Statements

      Most databases support batched SQL statements.

      A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.

      The SQL statement below will return all rows from the "Users" table, then delete the "Suppliers" table.

      Example

      SELECT * FROM Users; DROP TABLE Suppliers

      Look at the following example:

      Example

      txtUserId = getRequestString("UserId");
      txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

      And the following input:

      User id: 105; DROP TABLE Suppliers

      The valid SQL statement would look like this:

      Result

      SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers;

      Use SQL Parameters for Protection

      To protect a web site from SQL injection, you can use SQL parameters.

      SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.

      ASP.NET Razor Example

      txtUserId = getRequestString("UserId");
      txtSQL = "SELECT * FROM Users WHERE UserId = @0";
      db.Execute(txtSQL,txtUserId);

      Note that parameters are represented in the SQL statement by a @ marker.

      The SQL engine checks each parameter to ensure that it is correct for its column, and treats it literally, not as part of the SQL to be executed.

      Another Example

      txtNam = getRequestString("CustomerName");
      txtAdd = getRequestString("Address");
      txtCit = getRequestString("City");
      txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
      db.Execute(txtSQL,txtNam,txtAdd,txtCit);

      Examples

      The following examples show how to build parameterized queries in some common web languages.

      SELECT STATEMENT IN ASP.NET:

      using System.Data.SqlClient;   // SqlConnection, SqlCommand, SqlDataReader

      // getRequestString stands in for reading the value from the request;
      // connection is an open SqlConnection
      string txtUserId = getRequestString("UserId");
      string sql = "SELECT * FROM Customers WHERE CustomerId = @0";
      SqlCommand command = new SqlCommand(sql, connection);
      // AddWithValue infers the SQL type from the .NET value (string -> nvarchar);
      // Parameters.Add with an explicit SqlDbType avoids implicit conversions on the server.
      command.Parameters.AddWithValue("@0", txtUserId);
      SqlDataReader reader = command.ExecuteReader();

      INSERT INTO STATEMENT IN ASP.NET:

      // connection is an open SqlConnection
      string txtNam = getRequestString("CustomerName");
      string txtAdd = getRequestString("Address");
      string txtCit = getRequestString("City");
      string txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
      SqlCommand command = new SqlCommand(txtSQL, connection);
      command.Parameters.AddWithValue("@0", txtNam);
      command.Parameters.AddWithValue("@1", txtAdd);
      command.Parameters.AddWithValue("@2", txtCit);
      int rows = command.ExecuteNonQuery();   // number of rows inserted

      INSERT INTO STATEMENT IN PHP:

      // $dbh is an open PDO connection, e.g. new PDO($dsn, $user, $pass);
      // set PDO::ATTR_EMULATE_PREPARES to false so the placeholders are sent to
      // the server as real prepared-statement parameters (the MySQL driver
      // emulates them client-side by default).
      // The request values are assumed to arrive via POST.
      $txtNam = $_POST['CustomerName'];
      $txtAdd = $_POST['Address'];
      $txtCit = $_POST['City'];
      $stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City)
      VALUES (:nam, :add, :cit)");
      $stmt->bindParam(':nam', $txtNam);
      $stmt->bindParam(':add', $txtAdd);
      $stmt->bindParam(':cit', $txtCit);
      $stmt->execute();
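The three payloads in the post above (105 OR 1=1, the " OR ""=" login bypass, and 105; DROP TABLE Suppliers) and the parameterized fix, run end to end against a constructed SQLite database. This is an added example, not code from the post or from W3Schools; the table contents, the function names and the use of Python's sqlite3 module are all assumptions. The login example uses single-quoted SQL strings rather than the post's double quotes, because SQLite tries to read "..." as an identifier first; the technique is the same.

```python
import sqlite3


# Constructed in-memory sample database (not from the original post): a Users
# table with two accounts and a Suppliers table for the DROP TABLE payload.
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT);
        INSERT INTO Users VALUES (105, 'John Doe', 'myPass');
        INSERT INTO Users VALUES (106, 'Jane Roe', 'hunter2');
        CREATE TABLE Suppliers (SupplierId INTEGER, Name TEXT);
        INSERT INTO Suppliers VALUES (1, 'Acme');
    """)
    return con


def table_exists(con: sqlite3.Connection, name: str) -> bool:
    row = con.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


# --- "1=1 is always true": numeric input concatenated into the statement ---

def vulnerable_select(con: sqlite3.Connection, user_id: str) -> list:
    # Same shape as the post's txtSQL example: the raw input becomes SQL text,
    # so "105 OR 1=1" turns the WHERE clause into a tautology.
    sql = "SELECT UserId, Name, Pass FROM Users WHERE UserId = " + user_id
    return con.execute(sql).fetchall()


def safe_select(con: sqlite3.Connection, user_id: str) -> list:
    # The ? placeholder is bound at execution time; "105 OR 1=1" is just a
    # value that matches no UserId, so the result is empty, not every row.
    sql = "SELECT UserId, Name, Pass FROM Users WHERE UserId = ?"
    return con.execute(sql, (user_id,)).fetchall()


# --- "''='' is always true": login form with two quoted string inputs ---
# (plaintext passwords only because the post's example uses them)

def vulnerable_login(con: sqlite3.Connection, name: str, pw: str) -> list:
    sql = ("SELECT UserId FROM Users WHERE Name = '" + name
           + "' AND Pass = '" + pw + "'")
    return con.execute(sql).fetchall()


def safe_login(con: sqlite3.Connection, name: str, pw: str) -> list:
    sql = "SELECT UserId FROM Users WHERE Name = ? AND Pass = ?"
    return con.execute(sql, (name, pw)).fetchall()


# --- batched statements: "105; DROP TABLE Suppliers" ---

def vulnerable_batched(con: sqlite3.Connection, user_id: str) -> bool:
    """Run the concatenated statement; return whether Suppliers still exists."""
    sql = "SELECT * FROM Users WHERE UserId = " + user_id
    # sqlite3's execute() refuses more than one statement per call, which by
    # itself blocks this payload; executescript() stands in for a driver or
    # server that accepts batches, as the post describes.
    con.executescript(sql)
    return table_exists(con, "Suppliers")


if __name__ == "__main__":
    con = make_db()
    print("1=1   :", vulnerable_select(con, "105 OR 1=1"))   # two rows
    print("bound :", safe_select(con, "105 OR 1=1"))         # []
    bypass = "' OR ''='"
    print("login :", vulnerable_login(con, bypass, bypass))  # two rows
    print("bound :", safe_login(con, bypass, bypass))        # []
    con = make_db()
    print("Suppliers kept:",
          vulnerable_batched(con, "105; DROP TABLE Suppliers"))  # False
```

Two details worth noticing when you run it. AND binds tighter than OR, so `' OR ''='` in the password box alone turns the condition into `(Name = 'x' AND Pass = '') OR ''=''` and bypasses the login, while the same payload in the username box alone does not; the post's example fills both boxes. And whether a batched payload works at all depends on the driver: sqlite3's `execute()` rejects multiple statements, so the DROP only lands through an API that accepts scripts, which is why the parameterized version is the fix and a single-statement driver is only a side effect.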

      Yep, some basics.

      Later on you'll need to hit some things more aggressively to really get between those Databases cheeks  $$$$$$

      >:)

       

