A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.
With that in mind, let’s tackle this Security Shepherd injection module. We are presented with a brief lesson telling us what SQL Injection is and to get the key we have to fool the database into giving us some information that it would not normally divulge.
So we need to craft an SQL query that would give us the information we want.
We are given a list of names and if we type a name in the text field and hit enter, the database spits out some information on that person.
So we need to find someone’s name that’s hidden from us and that spits out the key to pass the module.
Our SQL query will be entered into the text field above.
We noticed immediately that, whatever we typed, the server would add a ‘; at the end of the query.
So if we have another ‘ in our injection, that would cancel the one that the server adds.
Then if we say something like ‘and 1=1’ and end the query, the database would send us back a Boolean YES, or a positive. Thinking time!!
We need to craft an SQL query that would list all rows and columns in the database.
This proved to be tough and we tried many different queries but the one that worked for us was the query below.
That’s how SQL Injection works. We fooled the SQL database into giving us some information that was hidden from us. A nice module and it took a while to crack, but we got there.
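The quote handling described above, as an added example that is not part of the original post or of Security Shepherd's code: the same lookup built by string concatenation and with a bound parameter. The table, column names and rows are constructed for illustration, and the inputs are the stray quote and the `and 1=1` condition mentioned above, not the query used to solve the module.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, not the module's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO people VALUES (?, ?)",
        [("Alice", "listed"), ("Bob", "listed"), ("Hidden", "not listed")],
    )
    return db

def lookup_concat(db, name):
    # Vulnerable pattern: the input is pasted into the SQL text and the
    # application appends the closing '; itself.
    sql = "SELECT name FROM people WHERE name = '" + name + "';"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # A stray quote breaks the statement; errors like this in query
        # logs are a useful detection signal.
        return "error: " + type(exc).__name__

def lookup_param(db, name):
    # Hardened pattern: the SQL text is fixed and the input is bound as
    # data, so quotes in it never change the statement's structure.
    sql = "SELECT name FROM people WHERE name = ?;"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(inputs):
    db = make_db()
    return {s: (lookup_concat(db, s), lookup_param(db, s)) for s in inputs}

# Constructed inputs: a plain name, an unbalanced quote, and a balanced
# quote followed by an always-true condition.
SAMPLES = ["Alice", "Alice'", "Alice' AND '1'='1"]

if __name__ == "__main__":
    for text, (concat, param) in compare(SAMPLES).items():
        print(repr(text), "| concatenated:", concat, "| parameterized:", param)
```

With concatenation the third input is parsed as SQL and still returns Alice's row, while the parameterized lookup searches for that literal string and returns nothing.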