Hacking, Hacking Tools, Vulnerability

How to Perform Manual SQL Injection With Integer Based Method



SQL Injection

Today we will perform manual SQL injection with integer based method for the MySQL database. I hope the last article on error based string injection is useful to everyone, especially for beginners.Now I will quickly drive into yet another writing for SQL injection with the integer based method.

SQL Injection ONLINE LAB:

  • Beginners can use this website to practice skills for SQL injection
  • To Access the LAB Click Here

STEP 1: Breaking the Query

  • Visting the website testphp.vulnweb.com/artists.php?artist=1 
  • let us add & check single quote to existing URL to check whether the website is vulnerable to SQL Injection by adding testphp.vulnweb.com/artists.php?artist=1′

  • Here we are trying to break query to receive error messages with the database so that we can balance the query.
  • But we are not getting error statements with respect to our input, which means single quote as input.
  • Now I understand that when the input string is not getting an error with the database, let me try to fix without a single quote.

  • Above figure shows that website is getting fixed & we have joined the query with no errors with integer method.So this is called as SQL Injection With Integer Based Method.

STEP 2: Finding the Backend Columns

  • It is time to have a conversation with the database to find the number of columns.To enumerate columns we can use order by command.
  • Let me ask database with any number so that I can check that columns availability in the database.

SQL injection

  • Above figure, I have asked for 4 columns, but it throws an error.
  • Keep asking database, let me ask for 3 columns !!!

SQL injection

  • Above Figure shows no SQL errors, Yes! we have only 3 columns

STEP 3: Finding the Backend Table & Table Names

  • Let us ask database its table path with the command union all select 

SQL injection



  • Above figure shows the execution of union all select gives the path of tables.2 & 3 the tables path.

SQL injection

  • Above figure shows the execution of database() & version() on the path of tables 2 & 3 provides us the database name and version.
  • So here database name is acuart and version is 5.1.73-0ubuntu0.10.04.1

STEP 4: Dumping Database Tables

  • Group_concat() is the function returns a string with the concatenated non-NULL value from a group.
  • So we can use this Function to list all Tables from the database.
  • In Addition, we can use Information_Schema to view metadata about the objects within a database

SQL injection

  • The Above Figure shows the dump of all tables as carts,categ,featured,guestbook,pictures,products,users

STEP 5: Dumping all Data in Columns of Tables

  • Here I will dump for users in table

SQL injection

  • The Above Figure shows the dump of all columns of tables contains
    uname,pass,cc,address,email,name,phone,cart.

STEP 6: Dumping all Usernames & passwords

  • Here we can dump all usernames & passwords in the database.

  • Here we got the username as test and password as test !!!!
  • practice and try to dump all columns of tables contains cc,address,email,name,phone,cart. Happy Hacking !!!


Source : GBHackers



Previous ArticleNext Article

Founder and Editor-in-Chief of ‘Professional Hackers India’. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.