SQL INJECTION TESTING WEBSITE DATABASE SECURITY- 2021

Captions
Hello all, and welcome to my channel Infosec Geeks. This is asademud, and today's video is about SQL injection, hacking a website database. So before starting this video, let's have a look at SQL injection. SQL injection is a web vulnerability caused by mistakes made by programmers. It allows an attacker to send commands to the database that the website or web application communicates with. This in turn lets the attacker get data from the database or even modify it. So let's start our video.

I'm going to test this website for this tutorial, named india forma expo dot in. Let's open it. It's again copying it. So this is our target website: Department of Pharmaceuticals, Ministry of Chemicals and Fertilizers, Government of India.

Now, first things first: what I am going to do here is I have to find our dynamic link through which we can insert my SQL queries to perform this SQL injection. So let's find out the links. Let's check out the source. I'm going to press Ctrl+F and find this php. There are a lot of dot php links, but not the type of link which I am looking for. It would be like question mark id equals, right? But I guess there is no such type of link, the dynamic one. So what I'm going to do next is I'm going on Google and using this Google dork to find that type of link, if there is any, so I can proceed with my SQL injection. Yes, we got a link. Open it. This type of link is used to perform SQL injection only.

So the first step, after finding this link: I am going to put a single quote at the end of this URI, an apostrophe, that is. I am going to put a single quote. Let me refresh it. Yes, we have an SQL error.

Now the next step is, this will ever be found just on sql error. The next step is, let's check if this website is 100% vulnerable to SQL injection. So I'm going to again put a single quote, apostrophe, in this URL. If the page is displaying normally as it was, then there is a 100% chance of SQL injection. Yes, it is fixed. As you can see here, the page is displaying normally, right?

The next step is, let's continue the testing process, and now we are going to identify the total number of columns in the database of this website. So we are using the order by method to find the number of columns. But before proceeding, let's go back one time. Now I'm going to put order by and one, entering. No, we are still seeing this error and no other information is shown. So let me fix it first. I'm using an SQL comment like this: hyphen hyphen space hyphen. Entering it, and now the page is fixed, the error is fixed, and we know the number of columns is one.

Let's check further if this site has more columns. So I'm going to start from here, 100. I am going to put 100 columns to check if this site has a hundred columns. No, the site says that there are no hundred columns. Now again I'm going to check by putting 75, if there are 75 columns. Nope. Now again I'm putting 60, to check if there are 60. It says no again. Now check if there are 51 columns. Actually, what I'm doing here is I'm trying to check the number of columns, how many columns this website has. So till now I found no columns. Let's go further. Now I'm going to put 40, to check if the site has 40 columns. Yes, it has 40 columns, right? Great. Now moving further with 30 columns, it says yes, I have 30 columns. Now again I am going back and testing column number 50, if it exists or not. Yes, it exists, so the website is displaying normally when I put 50. Testing if the number of columns is 51, I'm going to test if there are further columns. Nope. So it means the total number of columns is 50 in this website.

Now what I'm going to do here is, yes, now I'm going to use the union select method to find vulnerable columns, using which we ask or query the database to provide us information, right? Because there are 50 columns and it will take time to type, I'm going to put here an already typed query. Let me show you: union select, number of columns 1 2 3 4 till 50, and our comment. Now I'm going to hit enter. So did you notice any change in this page? I guess there isn't, except the one, if you have noticed very closely, this one. Let's check it. So we found a vulnerable column; it was number two.

Now let's ask the database to provide its version details. So what I am going to do here, as we found a vulnerable column which is echoing back, that is column number two, I'm going to replace it with that payload or our query to see the version details of this database, right? Hitting enter. See that too? Yes, and we found the version detail, that is 5.7.33. This is PHP version 5.7.33, right?

So the next step is, let's ask the database to provide its database name, right? So we are going to replace column number two with this payload or query to ask the database about its name, database name rolling v. And yes, we found the name of the database, the backend database: india pharma underscore xtwi 23u, right? We are querying the database and the database is processing our queries because the backend database is not properly sanitized. Now we can see the running database name is india forma, as you see.

Now let's ask the database to provide its database username details. Let's find out the username of this database, india format. Let's check, replacing again the vulnerable column, that is number two, with the payload user, bracket, small brackets, and close. Entering. Yes, we got india pharma underscore xeop129 at localhost. We got the username of this database.

So the next step is interesting. Let's print out our name in this vulnerable column. So we have created our name using HTML tags here, right? I'm copying it, pasting it directly here. Yes, we got an error, right? Because these HTML tags cannot be executed directly within this column. So what I am going to do here, I'm going to use this website, because we need to convert our HTML tags into hex, because we cannot execute it directly, right? So I'm going to visit this website, now copying this here. This is our text and we are going to convert it into hex. Convert, right. Now our name written in HTML tags is converted to hexadecimal. So what I'm going to do here is going back and replacing column number 2 with it. Again we found an error. Why? Because we forgot something. Yes, after hex conversion we have to add 0x at the beginning of our converted hex value, like this: 0x. This is our conversion output from that website and I added 0x at the beginning of this hex. I'm going to copy it, and now I'm going to paste it here. Yes, now you can see our name is printed on this page, right in the vulnerable column.

Moving further, now let's ask the database to show us all the table names. So let's move further and dump the entire tables. For this purpose we need a DIOS query, DIOS, that is, dump in one shot. It means that we are giving or putting a single query which contains multiple queries, and it will execute at one time. Let's do it. Let's copy the table DIOS, replacing column number two with that DIOS, and now we can see the entire table list of this website's database. As you can clearly see, there are lots of tables here, but normally an attacker or hacker is interested in these types of tables. It might be something else, like admin, user, members, but here we found users. So I am interested in the users table, right?

Going back here, now let's ask the database to show us all column names, right? So let's move further and dump the entire columns. For this purpose we need a DIOS, dump in one shot, query again. This DIOS is basically the column DIOS. We are now going to retrieve all the columns of this website. So what we have to do before moving further: we are required to convert our table from text to hexadecimal. So in our case it would be users. As I told you, we were interested in the table named users. And now let's convert it manually. Let me show you how I convert it. Users, right, converting, okay, and putting 0x again, because it is hex, so we have to put 0x so it can execute easily. The same website I have just demonstrated to do our text to hexadecimal conversion. Now we have to edit our DIOS from here, like this. Let me show you, this is our column DIOS, right, as you can see here. Now what I am going to do here is, I have changed this portion: I have converted users to hexadecimal and then put it here. And now I am going to copy this entire query, the column DIOS, copying it, and now going to paste it in our vulnerable column. And yes, we got the columns of the table named users. So we have registration id, we have user name, we have password one, password two, node, first name, last time, status, send count, login time, last ipc date. So what I am interested in is the columns username and password1. I am interested in these two columns, username and password.

Going back, let's open our tutorial. So the final DIOS is for dumping data from our desired table columns. So in our case the table is users and its columns are username and password. As I just told you, I am interested to dump the columns username and password1. I want to see what data these columns contain. So in this data dump DIOS you can see that here we have inserted the database name which we found before. Let me show you, this is our database name, right? We have to copy it, paste it here, and here we have to put the column names username and password1. So right, going to copy this security, opening it up. We found usernames and passwords, but as you can see they are mixed up and not very clear to view, right? So in this type of situation we use delimiters. So adding a delimiter to separate the column results for better understanding, right? So add apostrophe colon colon colon apostrophe as a delimiter between the username and password1 columns, like this, right? And this is the final DIOS. Entering. Yes, and now you can see usernames and passwords separately, so we can differentiate them easily, right? Basically the passwords are hashes, they are hashed. I guess they are MD5 hashes. I'm not going to decrypt these hashes. So finally we can see the username and password of every registered user.

Okay, so that's all for this video. I hope you like this video.
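
The following is an added example, not part of the captions or the video: it shows why the quote, order by and union select probes described above get a reaction from a page that concatenates the `id` value into its SQL, and why they get none once the value is type-checked and bound as a parameter. It assumes SQLite in place of the MySQL backend in the video, and the `news` table, its row and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the page behind an ?id= link.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'Expo dates', 'constructed row')")
    return db

def vulnerable_lookup(db, raw_id):
    # 'Before' form: the URL value is concatenated into the SQL text, so it
    # is parsed as SQL, and the database error is echoed to the client.
    try:
        return db.execute(
            "SELECT id, title, body FROM news WHERE id = " + raw_id).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc

def hardened_lookup(db, raw_id):
    # Allow-list the type first, then bind the value as a parameter so it
    # can never change the statement's structure. Rejections are uniform.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None
    return db.execute(
        "SELECT id, title, body FROM news WHERE id = ?", (int(raw_id),)).fetchall()

# Probe shapes taken from the captions: quote, ORDER BY n, UNION SELECT 1..n.
PROBES = ["1'", "1 ORDER BY 3-- -", "1 ORDER BY 4-- -", "1 UNION SELECT 1,2,3-- -"]

def compare(db):
    # Map each probe to (concatenated result, bound-parameter result).
    return {p: (vulnerable_lookup(db, p), hardened_lookup(db, p)) for p in PROBES}

if __name__ == "__main__":
    db = make_db()
    print("id=1 ->", hardened_lookup(db, "1"))
    for probe, (weak, strong) in compare(db).items():
        print(repr(probe), "| concatenated:", weak, "| bound:", strong)
```

The concatenated handler answers differently for a valid and an out-of-range ORDER BY index and echoes the UNION row, which is the signal the column counting in the video relies on; the bound handler returns the same empty result for every probe.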
Info
Channel: Infosec Geekz
Views: 13,689
Rating: 4.7639346 out of 5
Keywords: sql injection, sql, sqli, blind sql injection, union, select, order, by, column, dios, dump, in, one, shot, error, infosec, geekz, code, injection, website, sql injection tutorial for beginners, sql injection example, sql injection basics, what is sql injection
Id: tQZlFgZzHeY
Length: 30min 11sec (1811 seconds)
Published: Mon Feb 08 2021