Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
March 29, 2024
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 835
Members: 0
Total: 835
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Sql injection -> when is it suitable to use sql injection or blind sql?
Post new topic  Reply to topic View previous topic :: View next topic 
when is it suitable to use sql injection or blind sql?
PostPosted: Wed Jul 08, 2009 7:27 pm Reply with quote
Kroo
Regular user
Regular user
 
Joined: Jul 07, 2009
Posts: 5




Ok i need some information regarding the topic above....still a newbie plzz explain surely help alot.Thanx 4 ur answer.
View user's profile Send private message MSN Messenger
PostPosted: Wed Jul 08, 2009 9:14 pm Reply with quote
tehhunter
Valuable expert
Valuable expert
 
Joined: Nov 19, 2008
Posts: 261




If you think you have an exploitable parameter (.php?id=4 for example) then try something like this:

page.php?id=-1'

If you get an error, yes you have an exploitable parameter. Otherwise switch in " or any other characters.

If you got past the last step, try something like

page.php?id=-1' UNION SELECT 1--
page.php?id=-1' UNION SELECT 1,2--
page.php?id=-1' UNION SELECT 1,2,3--
...
page.php?id=-1' UNION SELECT 1,2,3,4,5,6,7,8,9--

You should be seeing an error about the improper number of columns. Keep adding numbers, starting from 1, until that error disappears. Note the largest number you typed.

If the page loads normally, look around for any of the numbers (1,2,3...9). See any? If so, you don't need blind sql injection.

Do you not see any? Then you do.

I won't get into why but use that as a guide.
View user's profile Send private message
PostPosted: Wed Jul 08, 2009 10:21 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




It's easy decision - if there is possibility, then use visual feedback. Even better, if it's able to to multi-row fetch. Blind injection is last resort method. It has bad performance and in case of delay based tricks it can be unreliable, but still - it can do the magic, if implemented correctly.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Jul 09, 2009 4:29 am Reply with quote
Kroo
Regular user
Regular user
 
Joined: Jul 07, 2009
Posts: 5




Wow, that explain alot....thanx ur guys. I'll be back with more question. Thanx to tehhunter and warexe too for ur explaination that really reignite my interest.
View user's profile Send private message MSN Messenger
PostPosted: Fri Jul 10, 2009 3:39 am Reply with quote
heaths
Beginner
Beginner
 
Joined: Jul 10, 2009
Posts: 1
Location: heaths




Thanks for sharing this useful information. It's great.
simulationcredit
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
PostPosted: Fri Jul 10, 2009 6:10 pm Reply with quote
Kroo
Regular user
Regular user
 
Joined: Jul 07, 2009
Posts: 5




tehhunter wrote:
If you think you have an exploitable parameter (.php?id=4 for example) then try something like this:

page.php?id=-1'

If you get an error, yes you have an exploitable parameter. Otherwise switch in " or any other characters.

If you got past the last step, try something like

page.php?id=-1' UNION SELECT 1--
page.php?id=-1' UNION SELECT 1,2--
page.php?id=-1' UNION SELECT 1,2,3--
...
page.php?id=-1' UNION SELECT 1,2,3,4,5,6,7,8,9--

You should be seeing an error about the improper number of columns. Keep adding numbers, starting from 1, until that error disappears. Note the largest number you typed.

If the page loads normally, look around for any of the numbers (1,2,3...9). See any? If so, you don't need blind sql injection.

Do you not see any? Then you do.

I won't get into why but use that as a guide.


Yo..tehhunter on the above statement u said something on exploitable parameter right...well i guess the number 4 there is something that u relate to exploitable parameter.

So my question is this how do I find the exploitable parameter if i got a website something like this e.g www.site.com, cause i don't see any number there.
View user's profile Send private message MSN Messenger
PostPosted: Fri Jul 10, 2009 6:42 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




If you are beginner, then why not use automated scanners like this one:

http://www.acunetix.com/
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Jul 10, 2009 8:15 pm Reply with quote
Kroo
Regular user
Regular user
 
Joined: Jul 07, 2009
Posts: 5




waraxe wrote:
If you are beginner, then why not use automated scanners like this one:

http://www.acunetix.com/

Goody thanks waraxe u are such a helpful admin...I'm starting to love this forum already.
View user's profile Send private message MSN Messenger
PostPosted: Sun Sep 27, 2009 1:48 am Reply with quote
javiercmh
Beginner
Beginner
 
Joined: Jul 30, 2009
Posts: 3




Kroo wrote:
tehhunter wrote:
If you think you have an exploitable parameter (.php?id=4 for example) then try something like this:

page.php?id=-1'

If you get an error, yes you have an exploitable parameter. Otherwise switch in " or any other characters.

If you got past the last step, try something like

page.php?id=-1' UNION SELECT 1--
page.php?id=-1' UNION SELECT 1,2--
page.php?id=-1' UNION SELECT 1,2,3--
...
page.php?id=-1' UNION SELECT 1,2,3,4,5,6,7,8,9--

You should be seeing an error about the improper number of columns. Keep adding numbers, starting from 1, until that error disappears. Note the largest number you typed.

If the page loads normally, look around for any of the numbers (1,2,3...9). See any? If so, you don't need blind sql injection.

Do you not see any? Then you do.

I won't get into why but use that as a guide.


Yo..tehhunter on the above statement u said something on exploitable parameter right...well i guess the number 4 there is something that u relate to exploitable parameter.

So my question is this how do I find the exploitable parameter if i got a website something like this e.g www.site.com, cause i don't see any number there.


Hi,
In your example, (www.site.com) there's no number, because you aren't looking for it. To find those numbers, you have to look for them using a search engine. I prefer Google because it has a very useful command:
'allinurl:' (with no '') all you have to do, following the example you quoted, is to search: "allinurl:something.php?id=4" .

The allinurl command is used for searching content in URLs of any webpage. Then we have a special word, that is «something» in this case. You have to be creative and write the word you think will return a lot of results (like news, noticia, article, etc). Finally we have .php?id=4 (any number), this means that we will find pages in php, and with a modifier id=NUMBER. In this NUMBER you also have to use your imagination and choose the number you think is the best for your interests.

I hope that helps, sorry for my spelling (maybe grammar), WYNH (formally javiercmh) Smile
View user's profile Send private message
when is it suitable to use sql injection or blind sql?
  www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB © 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.163 Seconds