SQL Injection PDF
SQL Injection PDF
SQL Injection PDF
The ability of the attacker to execute code (SQL statements) through vulnerable
input parameters empowers him to directly interact with the back end SQL server.
TYPES OF SQL INJECTION ATTACK
The blind SQL injection is the hardest type. In this attack, no error messages are
received from the database; hence, we extract the data by asking questions to the
database. The blind SQL injection is further divided into two kinds:
1. Boolean-based SQL Injection :- Only correct queries show the result, wrong
queries do not return anything. Attackers should try to generate logically
correct queries
SQL injection attacks occur when a web application does not validate values
received from a web form, input parameter, etc., before passing them to SQL
queries that will be executed on a database server.
This will allow an attacker to manipulate the input so that the data is interpreted as
code rather than as data.
SQL injection attack risk is usually very high and the consequences are severe.
A successful attack can bypass authentication and authorization to
1. Gain full control of the database,
2. Steal sensitive data,
3. Change users passwords,
4. Retrieve users credential information,
5. Add non-existent accounts,
6. Drop tables,
7. Make illegal financial transactions,
8. Destroy the existing database.
To make the SQL injection attack process easy, SQL injection tools are available.
These tools take the vulnerable URL as a parameter and then start attacking the
target.
Based on its detection and attack engine, these tools are capable of detecting the
type of attack.
1. BSQL Hacker
2. SQLmap
3. SQLninja
4. Safe3 SQL Injector
5. SQLSus
6. Mole
MOLE
AUTOMATIC SQL INJECTION EXPLOITATION TOOL
Features :-
In order to execute The Mole, you require only python3 and python3-lxml. Once
you execute it, a shell prompt will be printed, waiting for commands.
1. -u URL :- Use this to set the URL which contains the vulnerability. This is
the same as using the "url" command.
2. -n NEEDLE :- Use this to set the needle to be found in the requested page.
3. Schemas :- Fetches the schemas(databases) from the server.
2. tables <SCHEMA> :- Fetches the tables for the schema.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: