SQL

SQL Injection is a web application vulnerability that allows attackers to inject malicious SQL queries to bypass authentication or access databases. Attackers identify vulnerable parameters in web applications that accept user input via GET or POST methods. The impact of SQL injection can include unauthorized access to user accounts and exposure of database information.

Uploaded by

safili4757

SQL Injection

SQL (Structured Query Language) is used for database management; it is also used
to authenticate users at the time of login.

" "
' '
'( )'
"( )"

//
--
#

What is SQL Injection Attack?

A SQL injection attack exploits a web application vulnerability: the attacker
injects a malicious SQL query/statement so that their own SQL statement is
executed, either to bypass login authentication or to compromise the database.

How to hunt for SQL Injection Vulnerability?

To find a SQL injection vulnerability in a web application, the attacker looks
for a vulnerable parameter (a parameter is a field that takes input from the
user and sends that input to the web application) and injects a malicious SQL
statement into that parameter in such a way that it executes on the server.
A parameter takes user input and sends the input value to the web server using
one of 2 methods, GET and POST.

If the parameter uses the GET method, the input value is shown in the URL.
If the parameter uses the POST method, it is not shown in the URL.

Impact of SQL Injection Attack:

# To Bypass Login Authentication

# To Know about the DATABASE

Bypass Login Authentication:

The user is authenticated when the comparison "password (input) is equal to
password (stored in database)" is true.

12345 (Input) = 123456 (Stored) False

asdf123 (Input) = asdf123 (Stored) True

SQL has some statements that are always true, such as 1=1, 0=0, x=x, =.

username: '123'or'1'='1'
password: 456

uname='123'or'1'='1'&pass='456'
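
The bypass described above next to its fix, as an added example that is not part of the original document: Python with the standard sqlite3 module, fed the page's own input values. The table layout, the account alice, the clause order of the query and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account, mirroring the page's
    # "asdf123 (Input) = asdf123 (Stored)" comparison. Plaintext storage
    # is kept only to match that model.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uname TEXT PRIMARY KEY, pass TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'asdf123')")
    return db

def build_query(uname, password):
    # Vulnerable: input is concatenated into the SQL text, so a quote inside
    # it closes the string literal and the remainder is parsed as SQL.
    # (Hypothetical query shape; the page does not show the application's SQL.)
    return ("SELECT uname FROM users "
            f"WHERE pass='{password}' AND uname='{uname}'")

def login_vulnerable(db, uname, password):
    # AND binds tighter than OR, so an injected or'1'='1' ends up as the
    # top-level condition and every row matches.
    return db.execute(build_query(uname, password)).fetchone() is not None

def login_parameterized(db, uname, password):
    # Fixed: placeholders pass the input as bound values. It is compared as
    # one literal string and is never parsed as SQL.
    query = "SELECT uname FROM users WHERE pass=? AND uname=?"
    return db.execute(query, (password, uname)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    page_uname, page_pass = "123'or'1'='1", "456"  # input values from the page
    print("query sent by vulnerable code:")
    print("  " + build_query(page_uname, page_pass))
    for label, check in (("vulnerable", login_vulnerable),
                         ("parameterized", login_parameterized)):
        print(f"{label:>13}: valid login   -> {check(db, 'alice', 'asdf123')}")
        print(f"{label:>13}: wrong password -> {check(db, 'alice', '12345')}")
        print(f"{label:>13}: page's input   -> {check(db, page_uname, page_pass)}")
```

Only the concatenated version reports the page's input as a successful login; with placeholders the same string is just a username that does not exist.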

Google Search (Google Dork) to find Admin Login Pages:

inurl:admin/login.php/asp/aspx
inurl:adminlogin.php/asp/aspx
intitle:admin inurl:login
inurl:user/login.php/asp/aspx
