  • How to test MySQL Injection


    A SQL injection attack can access sensitive data in the database. The attacker can insert, update and delete data, and execute administration operations.

    Detection:


    Authentication Forms: When a user fills in the web form, chances are that the user credentials are checked against the database.

    Search Engines: The string entered and submitted by the user is used in an SQL query that extracts all records from the database.

    E-Commerce Sites: The products are stored in the database. The tester has to maintain a list of all input values used in the SQL query that extracts all relevant records from the database.



    First Test: Add a single quote (') or a semicolon (;) to the field or parameter under test. The first is used in SQL as a string terminator, if not filtered by the application.

    Second Test: The semicolon is used to end the SQL statement, if it is not filtered.

    TESTING EXAMPLE:
    SELECT *
    FROM TBLUSER
    WHERE TBL_USER='Name' AND TBL_PASSWORD='PASSWORD'
    If the user enters
    TBL_USER=1
    TBL_PASSWORD=1
    If the parameters are sent through the GET method to the server, we notice that the system has authenticated the user without knowing the name and password, because the query condition evaluates to true (OR 1=1).

    Fingerprinting The Database

    Before moving on to advanced SQL injection exploitation, the tester needs to know the backend.
    Example:
    Backend Error

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
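
The first test and the backend error above can be reproduced against a local database. The following is an added example, not code from the original post: it builds the TBLUSER query once by string concatenation and once with bound parameters, then sends the single quote and the semicolon as the user name. It assumes Python's built-in sqlite3 as a stand-in for MySQL, and the function names and the sample row are constructed for the illustration.

```python
import sqlite3

def make_db():
    # In-memory stand-in for the backend; the row is constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TBLUSER (TBL_USER TEXT, TBL_PASSWORD TEXT)")
    db.execute("INSERT INTO TBLUSER VALUES ('alice', 's3cret')")
    return db

def login_concatenated(db, name, password):
    # Pattern under test: user input is pasted straight into the SQL text.
    sql = ("SELECT * FROM TBLUSER WHERE TBL_USER='" + name +
           "' AND TBL_PASSWORD='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name, password):
    # Hardened form: input is bound as data and never parsed as SQL.
    sql = "SELECT * FROM TBLUSER WHERE TBL_USER=? AND TBL_PASSWORD=?"
    return db.execute(sql, (name, password)).fetchone() is not None

def probe(login, db, value):
    # Send one test value as the user name and classify what comes back.
    try:
        return "accepted" if login(db, value, "x") else "rejected"
    except sqlite3.Error:
        # A database error reaching the caller is the signal the first test
        # looks for, like the MySQL syntax error quoted above.
        return "sql-error"

def run_checks():
    db = make_db()
    variants = (("concatenated", login_concatenated),
                ("parameterized", login_parameterized))
    return {label: {v: probe(login, db, v) for v in ("'", ";")}
            for label, login in variants}

if __name__ == "__main__":
    for label, outcome in run_checks().items():
        print(label, outcome)
```

In this quoted string context only the single quote breaks the concatenated query; the semicolon stays inside the string literal and is treated as data. The parameterized form returns a plain rejection for both values.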
