SQL Injection Manual

What is SQL Injection and how to detect it?

SQL Injection is one of the most known vulnerabilities in web applications. This technique allows injecting malicious SQL code into an application to manipulate databases. Identifying this vulnerability is crucial to protect your applications.

1. Identify the vulnerability:

   • Using a single quotation mark (') in text fields can reveal syntax errors, indicating a possible vulnerability.
   • A visible error after inserting the single quotation mark indicates that the application is vulnerable, although the absence of an error does not rule it out.

2. Analyze the source code:

   • Review the source code of the actual web page to identify how SQL queries are handled.
   • Understand that an input variable, such as a User ID, can be manipulated to include malicious code.

How to execute a basic SQL injection?

Once the vulnerability is confirmed, you can proceed to execute SQL injections to extract information, all for educational and controlled testing purposes.

1. Value the input:
   • Simple injections use combinations such as ' OR 1=1 -- to manipulate queries and respond with more data than intended.

' OR 1=1 --

2. Query available columns:

   • Uses ORDER BY to determine how many columns can be selected in the query.
   • Use binary sequences to find the exact number, progressively decreasing until no errors occur.

3. Execute Union Select queries:

   • Integrates various queries by selecting specific columns to reveal data of interest such as the database or its version.

' UNION SELECT database(), @@version --

How to extract and filter information from the database?

Once you have identified the vulnerabilities and manipulated the queries, you can explore what tables and columns exist in the database.

1. Explore tables and columns:
   • Query existing tables and columns through information_schema.

' UNION SELECT SELECT table_name, column_name FROM information_schema.columns WHERE table_schema = DATABASE() --

2. Extract credentials:
   • Use Union Select to access specific tables such as users and fields that store users and passwords.

' UNION SELECT SELECT user, password FROM users --

Why automate SQL Injections with SQL Map?

Basic SQL Injection techniques can become a tedious process. SQL Map is a tool that automates the injection process, handling different levels of complexity and providing faster and more secure access to the desired information.

• SQL Map facilitates:
  • The automatic identification of vulnerabilities.
  • The execution of more efficient tests.
  • Data extraction in a more structured and less intrusive way.

The practice and knowledge of these techniques should be used for educational purposes and to improve the security of your own applications, never for malicious activities. The next step in this web security exploration will introduce you to SQL Map and its advantages.