SQL Injection Tutorial: Part 1/3

0
3842

==THIS ARTICLE IS FOR EDUCATIONAL PURPOSES ONLY==

Hello everybody to the SQL Injection tutorial by HaCoder. In this SQL Injection tutorial series I will teach you the basics of SQL Injection. In this first part you will learn two types of SQL Injection and what is the difference between those two types.

Definition:

“SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker)”

But basically with SQL Injection you can get databases, tables and finally columns from specific site. Now with that of course you can get accounts, credit card numbers, phone numbers, streets…

There are two types of SQL Injection attacks. Standard SQL Injection is when you type the code and error appears it gives you the answer right away. But when it comes to the Blind SQL Injection it outputs true or false; yes or no as an answer. I found great example of this on this article: https://danielmiessler.com/blog/a-fantasy-explanation-of-standard-vs-blind-sql-injection/ it says:

“To start with, you ask, “Tell me the Spanish word for the thing closest to the door.” The guard answers back, “I don’t know the Spanish word for ‘pile of gold’”. You then ask him the Spanish word for the most expensive thing in the room, and he responds, “I don’t know the Spanish word for “King’s Crown.”

This is something like standard SQL Injection, where you are asking the guard to perform some operation on the thing you’re asking for, and when it says it doesn’t understand it includes the answer you were looking for. This is the all-too-common ‘barf the database error on the screen’ scenario.”

SQL Injection on other hand:

“So now you just have to come up with a bunch of creative questions that will reveal information from nothing but yes/no answers. This is blind injection, and it will take much more time, since you’re not getting any output, but as long as you’re allowed to just keep asking it’s just a matter of getting enough responses.

“Does the item by the door start with the letter ‘a’?”

“No.”

“Does the item by the door start with the letter ‘b” ?”

“No.”

You then go down the list until you hit ‘g”, for gold. Now you move to the second letter. And so on.

In the database world this sounds something like, “Does the first table in the database have a first letter higher than ‘a’? If so, your query will go through and you’ll get whatever it was you were supposed to get from that page. If not, you’ll get the standardized error page.”

So I hope that now you know the difference between these two SQL Injection attacks. In next tutorial I will show you how attack vulnerable websites with basic SQL Injection.

==THIS ARTICLE IS FOR EDUCATIONAL PURPOSES ONLY==

NO COMMENTS

LEAVE A REPLY