Waraxe IT Security Portal
when is it suitable to use sql injection or blind sql?
Posted: Wed Jul 08, 2009 7:27 pm
Kroo
Regular user
Joined: Jul 07, 2009
Posts: 5

OK, I need some information regarding the topic above... still a newbie, please explain, it would surely help a lot. Thanks for your answer.

Posted: Wed Jul 08, 2009 9:14 pm
tehhunter
Valuable expert
Joined: Nov 19, 2008
Posts: 261

If you think you have an exploitable parameter (.php?id=4 for example) then try something like this:

page.php?id=-1'

If you get an error, yes you have an exploitable parameter. Otherwise switch in " or any other characters.

If you got past the last step, try something like

page.php?id=-1' UNION SELECT 1--
page.php?id=-1' UNION SELECT 1,2--
page.php?id=-1' UNION SELECT 1,2,3--
...
page.php?id=-1' UNION SELECT 1,2,3,4,5,6,7,8,9--

You should be seeing an error about the improper number of columns. Keep adding numbers, starting from 1, until that error disappears. Note the largest number you typed.

If the page loads normally, look around for any of the numbers (1,2,3...9). See any? If so, you don't need blind SQL injection.

Do you not see any? Then you do.

I won't get into why but use that as a guide.
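
Why the probes in the post above behave the way they do, and what removes that behaviour: an added example, not part of the original post, that runs the post's request values against a query built by string concatenation and against the same query with a bound parameter. SQLite through Python's sqlite3 stands in for the site's unknown database, and the table and function names are hypothetical.

```python
import sqlite3

# Constructed in-memory table standing in for whatever page.php reads from.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id TEXT, title TEXT, body TEXT)")
    db.execute("INSERT INTO articles VALUES ('4', 'Hello', 'First post')")
    return db

def fetch_vulnerable(db, article_id):
    # Weak form: the request value is pasted into the SQL text, so a quote
    # in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT title, body FROM articles WHERE id = '" + article_id + "'"
    return db.execute(sql).fetchall()

def fetch_parameterized(db, article_id):
    # Hardened form: the value is bound as data and never parsed as SQL.
    return db.execute(
        "SELECT title, body FROM articles WHERE id = ?", (article_id,)
    ).fetchall()

def outcome(fetch, db, value):
    """Return ('error', message) or ('rows', rows) for one request value."""
    try:
        return ("rows", fetch(db, value))
    except sqlite3.Error as exc:
        return ("error", str(exc))

# Request values taken from the post above, plus the normal id=4.
PROBES = ["4", "-1'", "-1' UNION SELECT 1--", "-1' UNION SELECT 1,2--"]

if __name__ == "__main__":
    db = make_db()
    for value in PROBES:
        print(repr(value))
        print("  concatenated :", outcome(fetch_vulnerable, db, value))
        print("  parameterized:", outcome(fetch_parameterized, db, value))
```

With the bound parameter every probe is just an id that matches no row, so there is neither a database error to read nor reflected numbers to look for.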

Posted: Wed Jul 08, 2009 10:21 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

It's an easy decision - if there is a possibility, then use visual feedback. Even better if it's able to do multi-row fetch. Blind injection is a last-resort method. It has bad performance, and in the case of delay-based tricks it can be unreliable, but still - it can do the magic, if implemented correctly.

Posted: Thu Jul 09, 2009 4:29 am
Kroo
Regular user
Joined: Jul 07, 2009
Posts: 5

Wow, that explains a lot... thanks, you guys. I'll be back with more questions. Thanks to tehhunter and waraxe too for your explanation, that really reignited my interest.

Posted: Fri Jul 10, 2009 3:39 am
heaths
Beginner
Joined: Jul 10, 2009
Posts: 1
Location: heaths

Thanks for sharing this useful information. It's great.

Posted: Fri Jul 10, 2009 6:10 pm
Kroo
Regular user
Joined: Jul 07, 2009
Posts: 5

Yo, tehhunter, in the above statement you said something about an exploitable parameter, right? Well, I guess the number 4 there is something that you relate to the exploitable parameter.

So my question is this: how do I find the exploitable parameter if I've got a website something like this, e.g. www.site.com, because I don't see any number there?

Posted: Fri Jul 10, 2009 6:42 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

If you are a beginner, then why not use automated scanners like this one:

http://www.acunetix.com/

Posted: Fri Jul 10, 2009 8:15 pm
Kroo
Regular user
Joined: Jul 07, 2009
Posts: 5

Goody, thanks waraxe, you are such a helpful admin... I'm starting to love this forum already.

Posted: Sun Sep 27, 2009 1:48 am
javiercmh
Beginner
Joined: Jul 30, 2009
Posts: 3

Hi,
In your example (www.site.com), there's no number because you aren't looking for it. To find those numbers, you have to look for them using a search engine. I prefer Google because it has a very useful command:
'allinurl:' (with no ''). All you have to do, following the example you quoted, is to search: "allinurl:something.php?id=4".

The allinurl command is used for searching content in the URLs of any webpage. Then we have a special word, which is «something» in this case. You have to be creative and write the word you think will return a lot of results (like news, noticia, article, etc.). Finally we have .php?id=4 (any number); this means that we will find pages in PHP with a modifier id=NUMBER. For this NUMBER you also have to use your imagination and choose the number you think is best for your interests.

I hope that helps, sorry for my spelling (maybe grammar), WYNH (formerly javiercmh)
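
Seen from the server side, the probing tehhunter describes earlier in the thread leaves a recognizable trail in the access log: an unbalanced quote, then UNION SELECT requests whose column list grows by one each time. The following is an added example, not written by any poster in this thread; the log format, addresses, sample lines and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (client, request line, status); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /page.php?id=4 HTTP/1.1" 200',
    "203.0.113.7 \"GET /page.php?id=-1' HTTP/1.1\" 500",
    '203.0.113.7 "GET /page.php?id=-1%27%20UNION%20SELECT%201-- HTTP/1.1" 500',
    '203.0.113.7 "GET /page.php?id=-1%27%20UNION%20SELECT%201,2-- HTTP/1.1" 500',
    '203.0.113.7 "GET /page.php?id=-1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200',
    '198.51.100.9 "GET /page.php?id=12 HTTP/1.1" 200',
    '198.51.100.9 "GET /search.php?q=student%20union%20select%20committee HTTP/1.1" 200',
]

LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3})$')
# Only a UNION SELECT followed by a bare number list counts, so ordinary
# text containing the words "union select" is not matched.
UNION = re.compile(r"union\s+select\s+(\d+(?:\s*,\s*\d+)*)", re.I)

def scan(lines):
    """Per client: quote probes seen and the UNION column counts tried, in order."""
    seen = defaultdict(lambda: {"quote_probe": 0, "union_counts": []})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, target, _status = m.groups()
        # parse_qsl URL-decodes the values, so %27 and %20 are matched too.
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            u = UNION.search(value)
            if u:
                seen[ip]["union_counts"].append(len(u.group(1).split(",")))
            elif value.count("'") % 2 == 1 or value.count('"') % 2 == 1:
                seen[ip]["quote_probe"] += 1
    return seen

def flag_enumeration(seen, min_steps=3):
    """Clients with a run of min_steps requests, each adding one UNION column."""
    flagged = []
    for ip, info in seen.items():
        counts, run, best = info["union_counts"], 1, 1
        for prev, cur in zip(counts, counts[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if counts and best >= min_steps:
            flagged.append(ip)
    return flagged
```

Matching on the decoded parameter value rather than the raw request line is what catches the URL-encoded variants without flagging the ordinary search for "student union select committee".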