The Untold SQLi Attacks
Several months have passed without any new security publications. I am hoping to unveil my current research, labelled “The Untold SQLi Attack,” at this time. I would like to show a few different ways of exploiting the popular vulnerability known as SQL injection. According to OWASP, SQL injection is the crafting of malicious SQL queries through the input data from the client to the application. A successful SQL injection (SQLi) can read, insert, update or delete data, execute administration operations on the database, recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
Without talking much, let’s get started.
Testing for SQLi:
The above commands and methodology are what most of us are familiar with. When the database server and web server run on the same system and share the same underlying file system, and an SQL injection exists and sufficient conditions (file permissions, DB privileges) are met, we can even upload a backdoor shell or read/download server configurations or files whose locations are generally predefined. Are there more ways of exploitation? The answer is yes. Let’s see.
You can see that the user has FILE privileges, as illustrated in the above screenshot, and we can use this to read/write files from the injection if the file system permissions allow it. MySQL runs under a separate user account when it reads or writes files on the file system.
Great, we have shell access to the server. Please note: this demonstration took place on a Windows machine. On a Linux machine, some commands and paths may vary.
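A defensive check for the condition described above, as an added example that is not from the original post: it parses `SHOW GRANTS` output together with the server's `secure_file_priv` value and flags application accounts that hold the FILE privilege. The grant lines, account names and function names are constructed for illustration.

```python
import re

# Matches one SHOW GRANTS line; accepts '...' (MySQL 5.7) and `...` (8.0) quoting.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`']", re.IGNORECASE)

# Severity by secure_file_priv state: "" means no path restriction, a directory
# confines file import/export to it, None (SQL NULL) disables import/export.
SEVERITY = {"unrestricted": "high", "directory": "medium", "disabled": "low"}

# Constructed sample input (not taken from the original post).
SAMPLE_GRANTS = [
    "GRANT SELECT, INSERT, UPDATE, FILE ON *.* TO 'webapp'@'localhost'",
    "GRANT SELECT, INSERT ON `shop`.* TO `report`@`localhost`",
    "GRANT ALL PRIVILEGES ON *.* TO `legacy`@`%` WITH GRANT OPTION",
]

def has_file_priv(grant_line):
    """Return (user, host, holds_FILE) for one SHOW GRANTS line, or None if unparsable."""
    m = GRANT_RE.match(grant_line.strip())
    if not m:
        return None
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    # FILE is a global privilege: it is granted, or implied by ALL, only at *.* scope.
    risky = m.group("scope") == "*.*" and bool(privs & {"FILE", "ALL", "ALL PRIVILEGES"})
    return m.group("user"), m.group("host"), risky

def file_io_scope(secure_file_priv):
    """Classify the secure_file_priv system variable (None models SQL NULL)."""
    if secure_file_priv is None:
        return "disabled"
    return "unrestricted" if secure_file_priv == "" else "directory"

def audit(grant_lines, secure_file_priv, app_accounts):
    """Return (account, severity, fix) for each application account holding FILE."""
    severity = SEVERITY[file_io_scope(secure_file_priv)]
    findings = []
    for line in grant_lines:
        parsed = has_file_priv(line)
        if not parsed or not parsed[2]:
            continue
        user, host, _ = parsed
        if f"{user}@{host}" in app_accounts:
            fix = f"REVOKE FILE ON *.* FROM '{user}'@'{host}';"
            findings.append((f"{user}@{host}", severity, fix))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS, "", {"webapp@localhost", "legacy@%"}):
        print(finding)
```

Feed it the real output of `SHOW GRANTS FOR` each account the web application connects as, plus the result of `SELECT @@secure_file_priv`.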
IG: that_faceless_coder
#TeamInveteck