Uncategorized

BRACA BRATSKA

SQL Tutorial written by r3arch Table of Contents Introduction Part One – Website AssessmentSection One – Finding a vulnerable websiteSection Two – Determining the amount of columnsSection Three – Finding which columns are vulnerable Part Two – Gathering InformationSection One – Determining the SQL versionSection Two – Finding the database Part Three – The Good StuffSection One – Finding the table namesSection Two – Finding the column namesSection Three – Displaying the column contentsSection Four – Finding the admin page ======= Introduction Here you will find a very detailed, step by step tutorial originally written by Neurological on SQL injection. This is purely for educational purposes and is to be used at the discretion of the reader. First we have to know what SQL injection is exactly. According to Wikipedia: “SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.” Now, that’s only the first paragraph. I would advise readinghttp://en.wikipedia.org/wiki/SQL_injection Before going on. Once you have finished that and you understand, we can begin. ======= Part One – Website Assessment In order for us to start exploiting a website, we must first know exactly what we are injecting into. This is what we will be covering in Part One, along with how to assess the information that we gather. == Section One – Finding a vulnerable website Vulnerable websites can be found using dorks (Appendix I), either in Google or with an exploit scanner. For those of you that are unfamiliar with the term “dorks”, I will try to explain. Dorks are website URLs that are known to be vulnerable. In SQL injection these dorks look like inurl:buy.php?id= . This will be inputted into a search engine, and because of the inurl: part of the dork, the search engine will only return results with URLs that contain the same characters. Some of the sites that have this dork on their website may be vulnerable to SQL injection. Now, let’s say we’ve found the page http://www.site.com/buy.php?id=1 In order to test this site, all we need to do is add an apostrophe, either in between the value (in this case, the “1”) and the operator (the “=” sign) so it looks like http://www.site.com/buy.php?id=’1 or after the value (“1”) so that it looks like http://www.site.com/buy.php?id=1′ After pressing enter, if this website returns an error along the lines of “Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home1/michafj0/public_html/gallery.php on line 7” it’s vulnerable to injection. In the case where you are to find a website such ashttp://www.site.com/buy.php?id=1&dog;catid=2 You must use the first technique, where you add an apostrophe between the value (in this case the number) and the operator (the “=” sign) so that it looks like http://www.site.com/buy.php?id=’1&dog;catid=’2 There are programs that will do this for you, but, to start off, I would suggest simply to do things manually, using Google. After getting skilled enough at this, if you particularly wanted a program for this, I would recommend using the Exploit Scanner by Reiluke.== Section Two – Determining the amount of columns In order for us to be able to use commands and get results, we must know how many columns there are on a website. To find the number of columns, we must use a very complex and advanced method that I like to call “trial and error” with the ORDER BY command Biggrin. Note: SQL does not care whether or not your letters are capitalized or not. I am doing it for the clarity of this tutorial. To find the number of columns, we write a query with incrementing values until we get an error. http://www.site.com/buy.php?id=1 ORDER BY 1 <-No errorhttp://www.site.com/buy.php?id=1 ORDER BY 2 <-No errorhttp://www.site.com/buy.php?id=1 ORDER BY 3 <-No errorhttp://www.site.com/buy.php?id=1 ORDER BY 4 <-No errorhttp://www.site.com/buy.php?id=1 ORDER BY 5 <-error! In this example, there are four columns. Be sure not to forget a double null () after the query. It marks when the code ends. == Section Three – Finding which columns are vulnerable Now that we know, in our example, that there are four columns, we have to find out which ones are vulnerable to injection. To do this we use the UNION and SELECT queries while keeping the double null () at the end of the string. There is also one other difference. It is small in size but not in importance. See if you can spot it. http://www.site.com/buy.php?id=-1 UNION SELECT 1,2,3,4 If you couldn’t spot the difference, it’s the extra null in between the operator and the value. buy.php?id=-1 Now, after entering that query, you should be able to see some numbers somewhere on the page that seem out of place. Those are the numbers of the columns that are vulnerable to injection. We can use those columns to pull information from the database, which we will see in Part Two. ======= Part Two – Gathering Information In this part, we will discover how to find the name of the database and what version of SQL the website is using by using queries to exploit the site. == Section One – Determining the SQL version. Finding the version of the SQL of the website is a very important step because the steps you take for version 4 are quite different from version 5 in order to get what you want. In this tutorial, I will not be covering version 4 because it really is a guessing game and for the kind of sites that are still using it, it’s not worth your time. If we look back to the end of Section Three in Part One we saw how

Lopovske vlade su nakon ovih otkrica resile da cenzurisu antarktik, sredinom proslog veka, jer su u UN sklopili Antarkticki Sporazum, i do dana danasnjeg odlazak tamo je moguc samo do odredjene tacke.. U ovu pricu su svi umesani..Sta oni kriju tamo videcete uskoro kada dodjem do svih 168 fotografija.. Ove fotografije su procurele prosle godine ..Vidite i uverite se da ste svoj zivot proveli u lazima…Ne radi se samo o Antarktiku. U PITANJU JE SVE. Sada cete da vidite zasto se ne moze na antarktik, jer je tamo jedan od ulaza u Podzemlje. Gde je GOSPOD ZAROBIO PALE ANDJELE. Atlantida, Agarta,Shimbala,Sheol, BEZDAN VELIKI. Na fotografiji se lepo vide uputstva za ulazenje podmornicom 1500 km ispod antarktika Imaju uputstva da se ne sme pucati na mete u vodi i vazduhu.. Vasi VANZEMALJCI imaju i Ambasadora na zemlji. Tamarinda Maassen. Demon koji Zavodi svet.. ONI SU POSLE SVOJE POBUNE PROTIV BOGA OSTALI ZAROBLJENI NA ZEMLJI. U ZEMLJI GDE na fotografiji vidimo da vladaju drugi zakoni fizike i kompasa. Antarctic, Lebanon, Egipat,Vavilon, Bermudski trougao, Kalifornija, CERN ce ih pustiti napolje.