
SQL Injection

SQL injection is a hacking technique that involves inserting malicious code into SQL statements via web input, making websites using MYSQL or ORACLE vulnerable. Various types of SQL injection include In-band, Error-based, Union-based, and Inferential SQLi, each with distinct methods of exploitation. Prevention strategies include input validation, parameter binding, and regular web application scans to mitigate risks associated with SQL injection attacks.

SQL INJECTION

11 January 2025 17:36

INTRODUCTION
1) SQL is the Structured Query Language, used for storing and processing information in a relational
database.
2) SQL injection is a hacking technique in which malicious code is placed into an SQL
statement via web page input.
3) Any website that uses a MySQL or Oracle server can be vulnerable to SQL injection.

To validate the password against the SQL database, the query below is used:

SELECT *
FROM table_name
WHERE Username = 'username'
AND Password = 'password'

4) The hacker puts the code below as a credential into the login page

5) The query then becomes:

SELECT *
FROM table_name
WHERE Username = ''OR 1=1--'
AND Password = 'password'

6) SQL injection can be prevented using the options below:


- Input validation.
- Bind the parameters.
- Regularly scan web applications.

7) TYPES OF SQL INJECTION


In-band SQLi
Error-based SQLi
- Relies on error messages.
- Thrown by the database server.
- To obtain information.
- About the structure of the database.

Union-based SQLi
- Leverages the UNION operator.
- To combine the results of two or more SELECT statements via the input.
- Which are returned as part of the HTTP response.

Inferential SQLi

- Also known as blind SQLi.
- More time-consuming.
- Boolean-based blind SQLi.
- Time-based blind SQLi.

How this Inferential SQLi works


- Suppose we put some special characters into our input. When the server searches the
database for that input, the database's search query breaks, but the server does not show us
an error. This creates confusion on our end, because we cannot tell whether our query is
running or not. In this situation we focus on two types:

Boolean-based Blind SQLi.


- Relies on sending an SQL query to the database.
- Which forces the application to return a different result.
- Depending on whether the query is true or false.

Here we put the SQL query together with whatever we want to search for. If the SQL query is true ( ''
OR 1=1-- ), we get some result; otherwise, if the SQL query is false ( " OR 1=2--), nothing
is shown. This tells us whether our query is running or not.

Time-based Blind SQLi.


- Forces the database to wait for a specified time.
- The response time indicates the result of the TRUE/FALSE query.
- This attack is typically slow, since enumeration is done character by character.

Ex - if the SQL function SLEEP(10) is used in the input and the database takes 10 seconds to
respond, we know that our SQL query is working, and we also know whether the
vulnerability exists or not.

8) How to SQLi / SQLi methodology.


- Understand how the website works.
- Search for parameters.
- Try to generate an error and solve the generated error.
- Access the DB using tools (SQLMap, jSQL Injection, BBQSQL, sqlninja). These tools help
automate the SQLi process.

9) How to perform?
- Select the target parameter.
- Test for SQLi manually.
- Use tools to exploit the DB.
- Report the vulnerability.
