A good tutorial on basic SQL injection (without a tool):
http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html
Notice the entry in the bottom user-id field: ' OR 1=1; /*
and in the password field: */--
As the image (from the kalitutorials website) states, the second statement gives you access to the data of all accounts.
Why is this? Because 1=1 is always "true", and we also have to enter something in the password field: the /* and */ turn the password check into an SQL comment, so only the OR 1=1 condition is evaluated.
If the SQL data entry process (or function) does not reject this input, there is a possibility that the database will respond with all of the data, or at least all of the data that the query selects from the specific table.
As the website mentions, this is basically what the tools perform in an automated manner, perhaps with some variations in the entries.
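To show why the concatenated query fails and what the fix looks like, here is an added example (not from the kalitutorials tutorial) using a constructed in-memory SQLite users table: the same two field values are passed to a login check built by string concatenation and to one built with placeholders.

```python
import sqlite3

# Constructed sample data: a tiny in-memory users table (not real accounts).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [(1, "alice", "s3cret"), (2, "bob", "hunter2")])


def build_vulnerable_query(user_id: str, password: str) -> str:
    """String concatenation: user input becomes part of the SQL text."""
    return ("SELECT id, name FROM users WHERE name = '" + user_id
            + "' AND password = '" + password + "'")


def login_vulnerable(user_id: str, password: str) -> list:
    """The flawed pattern: executes whatever SQL the concatenation produced."""
    return conn.execute(build_vulnerable_query(user_id, password)).fetchall()


def login_parameterised(user_id: str, password: str) -> list:
    """The fix: placeholders keep the input as data, never as SQL syntax."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ? AND password = ?",
        (user_id, password)).fetchall()


# The two fields from the tutorial: ' OR 1=1; /* in the user-id box
# and */-- in the password box.
USER_FIELD = "' OR 1=1; /*"
PASS_FIELD = "*/--"

if __name__ == "__main__":
    print(build_vulnerable_query(USER_FIELD, PASS_FIELD))
    # -> SELECT id, name FROM users WHERE name = '' OR 1=1; /*' AND password = '*/--'
    print(login_vulnerable(USER_FIELD, PASS_FIELD))     # every row in the table
    print(login_parameterised(USER_FIELD, PASS_FIELD))  # []
```

With placeholders the driver sends the two strings as values, so a name of literally "' OR 1=1; /*" matches no account and the password check is never commented out.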
Another interesting bit of information is Dorks (a query entered into a search engine, Google for example, which attempts to find websites containing certain text): inurl:"buy.php?category=" for example.
Notice the response UNION ALL SELECT null,null in the search results;
this is how your website can be "found out" by criminal hackers as they try to find victims for their attacks.
And slowly but surely they then try to perform more sophisticated attacks using sqlmap and more:
http://www.kalitutorials.net/2014/03/hacking-website-with-sqlmap-in-kali.html
With sqlmap you can test the URL to inject with a command like:
sqlmap -u <URL to inject>
As the hacker starts to map all your data, they get more and more information that was never meant for public consumption (or so it was thought).
It is not a good idea to give out too much information without knowing the circumstances. As an ethical hacker one needs permission to attempt to crack (or hack) a database interface. And if it is giving out too much information, then one has to mitigate the situation.
At this point I will leave further sqlmap hacking for a specific pentest situation.