Hey all,
Today I thought I would write a tutorial on SQL injection. If you want to get anywhere with your hacking career, you need to have this skill.
What is SQL Injection?
SQL injection is a code injection technique that exploits a security flaw in the database layer of an application that uses Structured Query Language (SQL). Basically, it lets a user get past the checks an application makes on passwords and other inputs. It relies on an old weakness: user input that is placed into a query without its quote and escape characters being filtered.
So how does it work?
Imagine this SQL code embedded in a PHP function:
// Vulnerable: $username is pasted straight into the query text (PHP joins strings with ".", not "+")
$result = mysql_query("SELECT * FROM users WHERE name = '" . $username . "'");
This code looks up a user's record in the database. The only problem is that you can still append more SQL to this query by simply typing it onto the end of the original string.
How do I use it?
The first example I am going to give makes the application drop the users table simply by adding a few extra things to our $username variable.
You could set $username to
Spy'; DROP TABLE users
So now our PHP code would look like this:
$result = mysql_query("SELECT * FROM users WHERE name = 'Spy'; DROP TABLE users");
Example Codes
I have posted some example code for your knowledge below.
Use this to display all values in a table column (user passwords, for example).
'; exec master..xp_cmdshell 'syscommand'--
Executes a system command through a SQL bypass (an example of syscommand would be 'ping localhost').
Final Notes
So in the end, if a website has no protection against SQL injection and you have access to a form that accesses a database, you have almost limitless potential to run any SQL command you want. The world is your oyster, or something like that.
Have fun!