SQL Injection Part 1

In SQL Injection – Intro we learned what SQLi is and the types of SQLi. In this article we will set up a lab for SQLi and test web applications for SQL injection vulnerabilities.

I have used the Pentester Lab VM image; you can download it from here.

VMware Workstation – Download

Setup Lab

First, download the ISO file and VMware Workstation (you can use another VM product too) from the links above.

  • Install VMware, open it, and click on *Create a New Virtual Machine*. Then choose the ISO file you downloaded and click Next.
    [Screenshot: Choose ISO]
  • In this step, customize the hardware to match the following screenshot and click Finish.
    [Screenshot: Hardware setting]
  • Now go to your VM and click on *Play virtual machine*.
  • Once the image boots, type ifconfig and note down the IPv4 address (in my case it's 192.168.234.129).
  • Now open a browser and type the IP in the address bar (my IP is different from the one above for some reason; in your case, use the IP shown in your VM).

It's done! Your vulnerable image is now ready for testing and attacks.

Testing Web Applications to Find SQL Injection Vulnerabilities

Now the question is how you can find vulnerabilities in the web application. You can use the following characters to check for vulnerabilities, or you can use spidering. Watch the following video to learn more about spidering. Read the spidering article here.

Character       Function
'               String indicator ('string')
"               String indicator ("string")
+               Arithmetic operation, or concatenate (combine) for MS SQL Server and DB2
||              Concatenate (combine) for Oracle, PostgreSQL
concat("","")   Concatenate (combine) for MySQL
*               Wildcard ("All") used to indicate all columns in a table
%               Wildcard ("Like") used for strings:
                '%abc' (ending in abc)
                '%abc%' (containing abc)
;               Statement terminator
()              Group of data or statements
--              Comment (single line)
#               Comment (single line)
/*comment*/     Multiline comment

 

Example of Using the Above Characters to Check for a Vulnerability

  • First find a URL with 'id=', e.g. "example.com?id=".
  • In the following screenshot the URL is *http://192.168.234.136/cat.php?id=18*
  • Now append the first character from the table above to the end of the URL to check for the vulnerability. If the page returns an SQL error, then the web application is vulnerable to SQLi. The SQL error looks like the following screenshot.
    [Screenshot: Vulnerability Check]
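Why a trailing quote produces that SQL error, and why a parameterized query does not, shown as an added example that is not part of the original article or the lab's code. An in-memory SQLite database stands in for the lab's database, and the table, column and function names are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pictures (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)")
    db.executemany("INSERT INTO pictures (cat, title) VALUES (?, ?)",
                   [(18, "hacker"), (18, "ruby"), (2, "cthulhu")])
    return db

def lookup_concat(db, cat_id):
    """Vulnerable pattern: the id parameter is pasted into the SQL text."""
    sql = "SELECT title FROM pictures WHERE cat = " + cat_id + " ORDER BY id"
    try:
        return "ok", [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # The stray quote opens a string that never closes, so the statement
        # no longer parses. An application that echoes this message to the
        # browser produces the error page described above.
        return "sql_error", str(exc)

def lookup_param(db, cat_id):
    """Hardened pattern: validate the type, then bind the value."""
    if not re.fullmatch(r"[0-9]{1,9}", cat_id):
        return "rejected", []
    rows = db.execute("SELECT title FROM pictures WHERE cat = ? ORDER BY id",
                      (int(cat_id),))
    return "ok", [row[0] for row in rows]

def demo():
    # Run the normal value and the quote-suffixed value through both patterns.
    db = make_db()
    results = {}
    for value in ("18", "18'"):
        results[value] = (lookup_concat(db, value), lookup_param(db, value))
    return results

if __name__ == "__main__":
    for value, (weak, strong) in demo().items():
        print(repr(value), "| concatenated:", weak, "| parameterized:", strong)
```

With the bound parameter the database never parses the input as SQL, so the quote cannot change the statement; the numeric check additionally rejects it before any query runs.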

 

 
