SQL Injection: Accessing the Database

Freedom Computing Alliance


1: Definition

2: Targeting and Testing

3: Accessing the Database

4: Extracting Data

You can now attempt to extract some information, first you must find out how many columns the current database in use has.

At the end of the query string, type “order by 1–” and press enter. Here is an example URL:

http://www.onlineshop.com/product.php?id=123 order by 1–

the double dash represents the start of a comment in SQL and so causes any other SQL code in the line after your input to be ignored. Your browser will most likely replace the spaces in the URL with %20, although this makes the URL less readable this is fine.

There should now not be an SQL related error, keep incrementing the order by number until you again see an error. The last number that didn’t produce an error is the number of columns, keep note of this number.

If you…

View original post 251 more words


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s