How to Hack a Database
Step-by-Step Guide
Step 1: Find out if the database is vulnerable.
You'll need to be handy with database statements to use this method.
Open the database web interface login screen in your web browser and type a ' (single quote) into the username field.
Click “Login.” If you see an error that says something like “SQL Exception: quoted string not properly terminated” or “invalid character,” the database is vulnerable to SQL injections.

Step 2: Find the number of columns.
Return to the login page for the database (or any other URL that ends in “id=” or “catid=”) and click into the browser address box.
After the URL, hit the space bar and type order by 1, then hit ↵ Enter.
Increase the number to 2 and press ↵ Enter.
Keep increasing until you get an error.
The actual number of columns is the number you entered before the number that gave you the error.

Step 3: Find which columns accept queries.
At the end of the URL in the address bar, change the catid=1 or id=1 to catid=-1 or id=-1.
Hit the space bar and type union select 1,2,3,4,5,6 (if there are 6 columns).
The numbers should count all the way up to the total number of columns, and each should be separated by a comma.
Press ↵ Enter and you'll see the numbers of each column that will accept a query.

Step 4: Inject SQL statements into the column.
For example, if you want to know the current user and want to put the injection in column 2, erase everything after the id=1 in the URL and hit the space bar.
Then, type union select 1,concat(user()),3,4,5,6--.
Hit ↵ Enter and you will see the name of the current database user on the screen.
Use any SQL statements you'd like to return information, such as lists of usernames and passwords to crack.
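The probes in these steps (a stray single quote, a run of order by N requests, then union select) leave a recognizable trail in the query strings a web server logs. The following is an added example, not part of the original guide: a small log check that flags those three patterns in parameters expected to be integers and correlates repeated order by requests from one client. The log entries, the parameter list and the label names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample (client IP, request target) pairs; not real traffic.
SAMPLE_LOG = [
    ("203.0.113.7", "/item.php?id=1"),
    ("203.0.113.7", "/item.php?id=1%27"),
    ("203.0.113.7", "/item.php?id=1%20order%20by%201"),
    ("203.0.113.7", "/item.php?id=1%20order%20by%202"),
    ("203.0.113.7", "/item.php?id=1+ORDER+BY+3"),
    ("203.0.113.7", "/item.php?id=-1%20union%20select%201,2,3"),
    ("198.51.100.4", "/search.php?q=o%27brien+order+by+mail"),
    ("198.51.100.4", "/item.php?catid=12"),
]

NUMERIC_PARAMS = {"id", "catid"}  # assumption: the application expects integers here
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.I)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def classify(target):
    """Return (labels, ORDER BY indexes) for the numeric parameters of one request."""
    labels, indexes = set(), []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() not in NUMERIC_PARAMS or re.fullmatch(r"-?\d+", value):
            continue  # free-text parameter, or a well-formed integer
        labels.add("non_integer_value")
        if "'" in value:
            labels.add("quote_probe")
        if UNION_SELECT.search(value):
            labels.add("union_select")
        for m in ORDER_BY.finditer(value):
            labels.add("order_by_probe")
            indexes.append(int(m.group(1)))
    return labels, indexes

def scan(log):
    """Map each client to its sorted findings; correlate ORDER BY requests into a sweep."""
    findings, seen = defaultdict(set), defaultdict(set)
    for client, target in log:
        labels, indexes = classify(target)
        findings[client] |= labels
        seen[client].update(indexes)
    for client, idx in seen.items():
        if len(idx) >= 2:  # several distinct column numbers tried by one client
            findings[client].add("order_by_sweep")
    return {client: sorted(f) for client, f in findings.items() if f}

if __name__ == "__main__":
    for client, labels in scan(SAMPLE_LOG).items():
        print(client, labels)
```

Restricting the checks to parameters that should only ever hold an integer keeps free-text fields such as a search box from producing false positives; the same integer check applied in the application itself, together with parameterized queries, removes the injection point.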
About the Author
Kathryn Gray
Writer and educator with a focus on practical organization knowledge.