In today's digitized world, where everything is done over the internet, a lot of information can be found online. The data may be private to individuals or public to everyone. Every day, large amounts of data are stored in the databases of websites throughout the world, and it is becoming harder to store the data and protect it from intrusion at the same time. Unauthorized access to such databases can leak large amounts of confidential information about a person or even an organization. Hackers steal a lot of information from such databases by gaining either authorized or unauthorized access. One of the most common methods of getting at the information in a website's database is the SQL injection attack.
SQL injection is a type of injection attack that makes it possible to execute malicious SQL statements. With the right set of queries, a user can gain access to, update and even modify information stored in databases. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior. SQL injection is carried out step by step against the website's database, as the steps below show.
Step1:- Deciding the website that you want to attack/perform SQL injection on
In my case I am using a famous vulnerability testing site, testphp.vulnweb.com, to demonstrate an attack, because demonstrating on other websites without their permission is illegal.
The first thing we need is the link to the website, which we can copy from the URL of the website. That is testphp.vulnweb.com in my case, possibly with something added to it. As we move through the menu options on this website, more letters and characters are added to the URL. For example, if we go to the guestbook menu option, the URL changes to http://testphp.vulnweb.com/guestbook.php. We can clearly see that guestbook.php is added at the end of the original URL, indicating the path of the data.
Our main objective in this demo is to obtain the signup/login information of one of the registered users. As you can see, there is a signup option on the main homepage of the website.
Step2:- Opening SQLMAP in Kali Linux
Step3:- Find the Databases present in the website
Finding the databases and their names is an important part of SQL injection, as all the information is stored in the database. This time we will go to the artists tab, click on one of the artists listed there and take that URL as a sample URL. Once SQLMAP opens we can write the following command:-
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs
In this website's case I found two databases, one by the name of acuart and the other by the name of information_schema. We can choose any database; in my case I will choose the acuart database.
Step4:- Finding Number Of Tables Present In The Database
Once a database is selected, there can be multiple tables inside it, so we have to find the number of tables and their names.
The table names are displayed as a result. Inside the acuart database there are 8 tables. Since our aim in this case is to extract registered users' login credentials, we can guess and check each table in order to obtain that information. In this case there is a table called users, and we can guess from the name that it might hold information about registered users. We then have to get access to the users table and look at the information available in it.
Step5:- Finding Number Of Columns Present In The Table
Every table has a set of rows and columns, and it is necessary to find the number of columns and the information in those columns. Columns might contain information such as the usernames and passwords of the registered users.
Once the command has run successfully, we obtain the number and names of the columns available in the table.
I obtained 8 columns as a result, and we can clearly see two columns, uname and pass, which might contain information regarding users and their passwords. Along with that there are several other columns such as email, address etc. that might contain the email IDs and addresses of the users.
Step6:- View/Extract Information From the Column
Once the column names are extracted we can view them individually. I will show the result of uname and pass because I got information regarding the username and password from them.
Once the username and password are retrieved, you can either remember them or write them down somewhere and log in using the valid username and password that we extracted.
In this case, for the username test, we got a result like this:-
As you can see in the picture, we were able to retrieve the information of that registered user, and apart from that we can also remove or modify the information that we can see. Different people use SQL injection for different purposes, so it depends on the attacker's perspective. If a SQL injection attack is carried out by a hacker, it can be for the harmful purpose of either stealing or damaging the data; if performed by an ethical hacker or penetration tester, it can be used for vulnerability assessment, penetration testing or even finding loopholes in the website.
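What the scan in the steps above looks like from the server side, as an added example that is not part of the original post: a short log check that flags requests to artists.php whose artist parameter is not a plain number, or whose User-Agent names sqlmap. The log lines, addresses and sqlmap version string are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /artists.php?artist=1%20AND%204821%3D4821 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /artists.php?artist=1%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /guestbook.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def flag_requests(log_text):
    """Return (ip, request target, reasons) for each suspicious log line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = []
        # The default User-Agent names the tool; it is easy to change, so treat
        # it as a cheap first signal only.
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap user-agent")
        # The stronger signal: artist should only ever be a number.
        url = urlsplit(m["target"])
        if url.path == "/artists.php":
            values = parse_qs(url.query, keep_blank_values=True).get("artist", [])
            if any(not re.fullmatch(r"[0-9]+", v) for v in values):
                reasons.append("non-numeric artist parameter")
        if reasons:
            findings.append((m["ip"], m["target"], reasons))
    return findings

if __name__ == "__main__":
    for ip, target, reasons in flag_requests(SAMPLE_LOG):
        print(ip, target, ", ".join(reasons))
```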