How Dangerous is SQL Injection?

A good tutorial of basic SQL injection (without a tool):

http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html

[Image from the kalitutorials tutorial: a login form with the injection strings entered in the user-id and password fields]

Notice the bottom entry, the user-id field: ' OR 1=1; /*

and the password field: */--

As the image (from the kalitutorials website) states, this pair of inputs gives you access to the data of all accounts.


Why is this? Because 1=1 is always true, so the condition username='' OR 1=1 matches every row. The /* opened in the user-id field and the */ entered in the password field turn the whole password comparison into a block comment, and the trailing -- comments out the closing quote the application appends after the password. Something has to go in the password field because the form requires it, and */-- is the something that makes the rewritten query parse.

If the application builds the query by pasting these fields straight into the SQL string, rather than passing them as bound parameters, the database evaluates the modified query and returns every row it can see: all the data, or at least all the data in the table the application's SELECT reads from.
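To make the mechanism concrete, here is an added example (not code from the original page or from the kalitutorials tutorial) that runs the tutorial's two field values against a small SQLite table, once through a string-concatenated query and once through a parameterized query. The table, the accounts and the column names are constructed for the example; the semicolon in the tutorial's user-id value is dropped because it is not needed for the comment trick and Python's sqlite3 driver only runs one statement per call.

```python
import sqlite3

# Constructed sample accounts (not from the original page).
USERS = [
    ("alice", "s3cret",  "alice@example.com"),
    ("bob",   "hunter2", "bob@example.com"),
    ("carol", "qwerty",  "carol@example.com"),
]

# The two fields from the tutorial screenshot. The ';' after 1=1 is omitted:
# it is not needed for the comment trick, and Python's sqlite3 driver only
# executes one statement per execute() call.
PAYLOAD_USER_ID = "' OR 1=1 /*"
PAYLOAD_PASSWORD = "*/--"


def make_db():
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def build_query_vulnerable(user_id, password):
    """String-concatenated query: whatever the user types becomes SQL."""
    return ("SELECT username, email FROM users WHERE username='" + user_id
            + "' AND password='" + password + "'")


def login_vulnerable(conn, user_id, password):
    """Runs the concatenated query; with the payload it returns every row."""
    return conn.execute(build_query_vulnerable(user_id, password)).fetchall()


def login_parameterized(conn, user_id, password):
    """Bound parameters: the input is compared as data, never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (user_id, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # What the database actually sees: the password check sits inside /* ... */
    # and the application's closing quote is eaten by the trailing -- comment.
    print(build_query_vulnerable(PAYLOAD_USER_ID, PAYLOAD_PASSWORD))
    print("vulnerable:    ", login_vulnerable(conn, PAYLOAD_USER_ID, PAYLOAD_PASSWORD))
    print("parameterized: ", login_parameterized(conn, PAYLOAD_USER_ID, PAYLOAD_PASSWORD))
    print("normal login:  ", login_parameterized(conn, "alice", "s3cret"))
```

The concatenated query becomes SELECT username, email FROM users WHERE username='' OR 1=1 /*' AND password='*/--' and returns all three accounts; the parameterized version looks for a user literally named ' OR 1=1 /* and returns nothing, while a normal login still works in both.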


As the website mentions, this is basically what the automated tools do: they send variations of such inputs and watch how the application responds.


Another interesting bit of information is dorks: search-engine queries (Google, for example) that find websites whose pages or URLs contain particular text, for example inurl:"buy.php?category=".

[Image: search-engine results for the dork query]


Notice the UNION ALL SELECT null,null that appears in the search results: those are page URLs that already carry an injection probe of the kind used to work out how many columns a query returns, so the search engine has indexed sites that someone has been testing.


This is how your website can be "found out" by criminal hackers as they look for victims for their attacks.

Slowly but surely they then move on to more sophisticated attacks using sqlmap and other tools:

http://www.kalitutorials.net/2014/03/hacking-website-with-sqlmap-in-kali.html

With sqlmap you test whether a URL is injectable with a command like

sqlmap -u <URL to inject>

As the attacker maps your database, they retrieve more and more information that was never meant for public consumption (or so it was thought).
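The flip side of the mapping described above is that the probing leaves traces in the web server's access log. The following added example (not code from the original page or from sqlmap) scans a few constructed Apache-style log lines for the patterns this article has mentioned, a stray quote after a numeric parameter, a UNION ALL SELECT column-count probe, SQL comment sequences and the sqlmap User-Agent, and tallies hits per source address. The log lines, the URL, the IP addresses and the User-Agent strings are all constructed; the check on the User-Agent assumes the scanner was run without changing its default agent.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2014:12:00:01 +0000] "GET /buy.php?category=1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2014:12:00:03 +0000] "GET /buy.php?category=1' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2014:12:00:04 +0000] "GET /buy.php?category=1%20UNION%20ALL%20SELECT%20null,null--%20- HTTP/1.1" 200 4871 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.7 - - [10/Mar/2014:12:01:00 +0000] "GET /buy.php?category=2 HTTP/1.1" 200 5201 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Signatures applied to the URL-decoded request path. Order is preserved in the hit list.
PATTERNS = {
    "union-select": re.compile(r"union\s+(all\s+)?select", re.I),   # column-count / data probe
    "tautology":    re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I),    # ' OR 1=1 style
    "sql-comment":  re.compile(r"(--|/\*)"),                         # comment-out the rest
    "stray-quote":  re.compile(r"=\d+'"),                            # quote after a numeric value
}


def classify(line):
    """Parse one log line and return its source, decoded path and signature hits (None if unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote_plus(m["path"])  # %20, + and friends back to the characters the app saw
    hits = [name for name, rx in PATTERNS.items() if rx.search(path)]
    if "sqlmap" in m["ua"].lower():  # default agent; assumes --random-agent was not used
        hits.append("sqlmap-ua")
    return {"ip": m["ip"], "path": path, "hits": hits}


def scan(log_text):
    """Return only the parsed lines that triggered at least one signature."""
    parsed = (classify(line) for line in log_text.splitlines() if line.strip())
    return [entry for entry in parsed if entry and entry["hits"]]


def suspicious_sources(findings, threshold=2):
    """Source addresses with at least `threshold` flagged requests."""
    counts = Counter(entry["ip"] for entry in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for entry in found:
        print(entry["ip"], entry["hits"], entry["path"])
    print("repeat offenders:", suspicious_sources(found))
```

Two of the four constructed lines are flagged, both from the same address: the quote probe, and then the UNION probe carrying the sqlmap agent string. A real deployment would feed lines from the live log and alert on the per-source tally rather than on any single request, since a lone apostrophe in a query string is often just a user typing.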


It is not a good idea to give out too much information without knowing the circumstances. As an ethical hacker one needs permission before attempting to crack (or hack) a database interface, and if the interface turns out to be giving out too much information, the situation has to be mitigated.

At this point I will leave further sqlmap work for a specific pentest situation.

Contact Us to discuss further details.
