Hack remote databases using SQL injection

golibrary (37)in #steempress • 6 years ago

What is SQL Injection

SQL injection is a technique of injecting malicious SQL queries in query string of a website vulnerable to SQL injection. Using SQL injection, one can take over a vulnerable website by getting access to all data, deface a website, tamper existing website data and a lot more. SQL injection attacks are extremely dangerous and vulnerable websites are at high risk of leaking confidential data which might affect them as well as all it's stake holders.

In this blog, I will show you how to find out a website vulnerable to SQL injection and thereby exploit the vulnerability using a tool called SQLMap

We are going to use google dorks to find out a vulnerable website. If you don't know what are google dorks, please read my previous blog here

Let's use a simple google dork to find out vulnerable SQLi site as below:-

inurl:index.php?id=

The above will return a large number of search results all of which aren't obviously vulnerable but certainly are a good candidate for SQL injection attacks if they do not sanitize the query string properly and thus execute the injected SQL query.

Quick check to find SQL injection vulnerability

Out of the search results , returned by the above google search, I spotted a website karaoke.co.nz, vulnerable to SQL injection. Visiting the URL, http://karaoke.co.nz/items/index.php?id=37 and then appending a single quote at the end of this URL, shows that it's not able to sanitize query strings properly. Check this URL:-

http://karaoke.co.nz/items/index.php?id=37' which gives the below error:-

Unable to query local database to select IdentifierYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1
select * from Category where Identifier = 37'

Below is a partial dump of one of the DB tables of this site:-

SQLMAP DUMP

To use SQLMap, download and install python first from here. Once done, download and install SQLMap from here

Once installed , go to the location where sqlmap is installed and type the below command to get familiarized with SQLMap

[gistpen id="1962"]

Use the below SQLMap commands to dump all the databases of the vulnerable site

[gistpen id="1925"]

The above will return database names. claireg_karaoke and information_schema in this case.

Use the below commands to get list of tables and other diagnostic data out of those databases.

[gistpen id="1927"]

[gistpen id="1929"]

Once we have table names, let's get the column names using below commands:-

[gistpen id="1931"]

[gistpen id="1933"]

The above commands "sqlmap-4" & "sqlmap-5" will return columns of the table specified by <table name>. Once we have all the info dumped, we can use it in whatever way we need.

Once you have the column names, you can dump their values using the below commands

[gistpen id="1955"]

It's also possible to dump the entire database using the option --dump-all

What more can be done to exploit this vulnerability ? Let's try to manipulate the query string and change the html webpage

Since, the website is not able to sanitize the query string, we can insert an image in the HTML page by tampering the query string. The below link shows the exploit

HTML injection

Happy hacking !!

Disclaimer:- The content is for educational purpose only. Any unethical usage of the info on this website is not my responsibility.

Like us at GolibraryIndia to get regular updates.

Posted from my blog with SteemPress : http://www.golibrary.co/hack-remote-databases-using-sql-injection/

#steem #golibrary #technology #cybersecurity