SQL Injection Tutorial - Part 1

According to OWASP, SQL injection is the most common technique used by hackers to deface a website. SQL injection is a technique in which the hacker inserts SQL code into a web form to get sensitive information (such as user names and passwords). In the following series, Mr Srinivas will explain the various types of SQL injection.


Things You Should Know
Database: In simple words, a database is a collection of data.
Examples: MSSQL, MS-ACCESS, Oracle

SQL: Structured Query Language. In order to communicate with the database, we use SQL queries. A query is a set of instructions sent to the database. It tells the database to find some information from a table or elsewhere in the database.


SQL injection: SQL injection is a hacking technique. To be precise, it is a technique to access the database of the website without authorization.

How Websites Work?
When we enter our login name and password, the program searches its database for accounts where the username and password correspond to the ones entered by the user.

The SQL query looks like this:
SELECT * FROM users
WHERE Login Name = '$_GET['Login Name']'
AND password = '$_GET['password']'

This query tells the database to find rows in the users table where the values in the user name and password columns equal the values entered by the user. Let us say the login name is "admin" and the password is "password".

Now the query becomes
SELECT * FROM users
WHERE Login Name = 'admin'
AND password = 'password'


Bypassing Authentication
Finding A Vulnerable Website
First we need to find a vulnerable website. We can take the help of Google for this. There are many Google dorks to find SQLi-vulnerable websites.

Example :
Inurl:admin login.asp
Inurl:login.asp etc
Go to Google and type the dork. You will see a number of websites. Select any of them. You can test the vulnerability by simply adding a single quote at the end of the URL. If it returns an error or a blank page, it is vulnerable to SQL injection.
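The single-quote test described above leaves a recognisable trace on the server side. The following added example (not part of the original tutorial) scans access-log lines for parameter values ending in a single quote and labels how the application answered; the log lines, paths and addresses are constructed samples.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (common log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/May/2012:10:00:01 +0000] "GET /product.asp?id=12 HTTP/1.1" 200 5120
203.0.113.7 - - [01/May/2012:10:00:03 +0000] "GET /product.asp?id=12%27 HTTP/1.1" 500 312
198.51.100.4 - - [01/May/2012:10:02:10 +0000] "GET /search.asp?q=o%27brien HTTP/1.1" 200 2048
198.51.100.9 - - [01/May/2012:10:05:44 +0000] "GET /news.asp?id=3' HTTP/1.1" 200 0
192.0.2.50 - - [01/May/2012:10:07:00 +0000] "GET /item.asp?id=7%27 HTTP/1.1" 200 4096
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+|-)$')

def classify(status, size):
    """Label how the application answered the probe."""
    if status.startswith("5"):
        return "server error"   # query broke: input reached the SQL text
    if size in ("0", "-"):
        return "blank page"     # error swallowed, still a failure signal
    return "handled"            # normal page: input was likely treated as data

def find_quote_probes(log_text):
    """Return (client, path, parameter, outcome) for trailing-quote probes."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        path, _, query = target.partition("?")
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            # Decode first so %27 and a literal ' are treated alike.
            if unquote_plus(raw).endswith("'"):
                hits.append((client, path, name, classify(status, size)))
    return hits

if __name__ == "__main__":
    for hit in find_quote_probes(SAMPLE_LOG):
        print(hit)
```

Endpoints reported as "server error" or "blank page" are the ones to review first for queries built by string concatenation.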


Injecting Strings
Now we are going to log in to the admin's account without knowing his password.
1. Write a known username, or admin, into the Login Name field.
2. Enter the string ' or 1=1 -- into the password box.
3. Click the "submit" button.

Now your query will become
SELECT * FROM users
WHERE Login Name = 'admin'
AND password = '' or 1=1 --'
The leading single quote closes the password string, or 1=1 adds a condition that is always true, and -- turns the rest of the query into a comment. The database will find every single row in the table, because no matter what the values in the row are, '1' will always equal '1'. The result is that the website grants access even though the password was incorrect. So you will be logged in.
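The bypass works only because the input is pasted into the SQL text. The added example below (not part of the original tutorial) runs the tutorial's login query against an in-memory SQLite database, first built by string concatenation and then with bound parameters; the table layout, sample accounts and function names are assumptions made for the illustration.

```python
import sqlite3

PAYLOAD = "' or 1=1 --"  # the string from step 2 of the tutorial

def make_db():
    """Build an in-memory users table with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login_name TEXT, password TEXT)")
    # Plaintext passwords mirror the tutorial's query; a real application
    # stores salted password hashes and compares those instead.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "alice-pw")])
    return db

def login_vulnerable(db, login_name, password):
    """Concatenate user input into the SQL text, as the tutorial's query does."""
    query = ("SELECT login_name FROM users WHERE login_name = '" + login_name +
             "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(query)]

def login_safe(db, login_name, password):
    """Same lookup with bound parameters: input is passed as data, never as SQL."""
    query = "SELECT login_name FROM users WHERE login_name = ? AND password = ?"
    return [row[0] for row in db.execute(query, (login_name, password))]

if __name__ == "__main__":
    db = make_db()
    # Concatenated query: the always-true condition matches every account.
    print("vulnerable:", login_vulnerable(db, "admin", PAYLOAD))
    # Parameterized query: the payload is compared as a literal password.
    print("safe:      ", login_safe(db, "admin", PAYLOAD))
    # The genuine password still works with the parameterized query.
    print("safe, real:", login_safe(db, "admin", "s3cret-admin"))
```

With bound parameters the database driver never parses the password as SQL, so the quote and the comment marker have no effect on the query structure.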


Demonstration
Legal Disclaimer:
This demonstration is just to make people aware of SQL injection on websites, not to encourage people to hack into websites. I will not be held responsible if you do anything illegal.

For the purpose of the tutorial I have selected www.XYZ.com, which is vulnerable to SQL injection.



Now open the login page of the website.


Now put your SQL string in both the user name and password fields and click submit. That's it. You will be logged in. There are many SQL strings available; you can google them or you can craft your own strings.


Hope you enjoyed the tutorial. Please post your comments for further doubts and clarifications.
About the Guest Author:
This article is written by Mr Srinivas. He owns Hackinginception, where he writes articles related to hacking. If you're interested in writing a guest post @Hackaholic, please contact me.


Anonymous

I don't think most of the popular sites are vulnerable to SQL injection... so it's of no use.

srinivas

@Anonymous
This article is not intended to hack into most of the popular websites. This is just to give the basic stuff before getting into advanced stuff.
But still I can say there are a number of websites that are vulnerable to SQL injection, even India's famous websites also. It is illegal to give you the links. But I can say 70% of the websites are vulnerable to SQL injection, and this is the easy way to hack into websites. If you are familiar with ADVANCED GOOGLE SEARCHING, it's not a big deal to find them.

Anonymous

Hi, but I don't understand.

Lonesme

Sir, I didn't understand how we can check the website vulnerability.
Can you give an example, please?

muneeb said on April 30, 2012 at 6:49 AM :

Hi, after I enter the admin username and the string in the password, this error comes up:
Microsoft JET Database Engine error '80040e14'

Syntax error (missing operator) in query expression 'name=' ' or 1=1 – –' and pwd=' ' or 1=1 – –''.

/validate.asp, line 10

ubuntu said on December 25, 2012 at 9:57 AM :

Error number -2147217887
Error description Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.
URL /erp/admin/login.asp
SQL query select * from [dbo].[USER_EMP] where [username]='administrator' and [password]='8a043db91b11ff44ca6a911655cc02be'
