How to Perform Manual SQL Injection With Error Based String Method


SQL injection is a code injection technique used to gain access to a backend database (MySQL, MSSQL, Oracle, etc.). The OWASP Top 10 2017 release still lists Injection as A1, the top-ranked risk, and it has been among the most dangerous attacks for as long as the list has existed.

The CWE/SANS Top 25 (Most Dangerous Software Errors) describes SQL injection as "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" (CWE-89) and placed it at rank 1.

This injection can be automated with a large number of tools available on the internet. A human tester, however, brings creative thinking and judgement to understanding the target that a tool does not, so I prefer to go with manual testing.

NOTE: The scope of this SQL injection walkthrough is a MySQL backend only. The error messages and syntax shown here are MySQL-specific; if you test the same payloads against Oracle or another database, they will not work as described.

SQL Injection ONLINE LAB:

  • Beginners can use this website to practice SQL injection skills.
  • To access the lab, click here.


STEP 1: Breaking the Query


  • Append a single quote to the parameter value in the URL (for example, id=1') and the page returns a raw SQL error. That's great: it is vulnerable to SQL injection.
  • This shows you have successfully broken the query, and the backend database is talking back to the attacker through its error messages.

STEP 2: Copying the Error Statement

  • Copy and paste the SQL error statement into Notepad.


  • After copying, work through the error statement as shown in the screenshot below.


  • The figure above illustrates that the highlighted single quote is what breaks the backend query.
  • Now imagine yourself as the DEVELOPER and guess the SQL statement used by the application.
  • Hopefully everyone has guessed that the backend query looks like this: SELECT username, password FROM table WHERE id='1'
  • When we add a single quote, the query becomes SELECT username, password FROM table WHERE id='1''. The third quote opens a new string literal that is never closed, so the parser has no way to complete the statement and the database raises a syntax error.


  • This is called single-quote error-based string injection: the injected value lands inside a string literal, and the database's own error message confirms it.
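The two steps above, as an added example that is not part of the original article: it builds the query the way the imagined developer wrote it, pastes in first a clean id and then an id with a trailing single quote, and captures the database error that Step 2 has you copy out. The users table, its rows and the column names are constructed for this demo, and SQLite stands in for the MySQL backend because it ships with Python; the unbalanced-quote failure it reproduces is the same condition MySQL reports as error 1064 ("You have an error in your SQL syntax ..."). A parameterized version of the same lookup is included beside it to show that the quote is then treated as data rather than syntax.

```python
import sqlite3

# Added example, not from the original article. SQLite stands in for the
# MySQL backend the article targets (assumption: the table and column
# names below are invented for this demo).


def make_db():
    """Constructed sample database: one user row, made up for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'hunter2')")
    return conn


def vulnerable_lookup(conn, user_id):
    """The query the article has you imagine the developer wrote: the id
    parameter is pasted straight into the SQL text inside single quotes."""
    query = "SELECT username, password FROM users WHERE id='" + user_id + "'"
    try:
        rows = conn.execute(query).fetchall()
        return {"query": query, "rows": rows, "error": None}
    except sqlite3.OperationalError as exc:
        # The error text is what Step 2 has you copy into Notepad: it tells
        # the attacker the quote landed inside a string literal and broke it.
        return {"query": query, "rows": None, "error": str(exc)}


def safe_lookup(conn, user_id):
    """Same lookup with a bound parameter: the quote is data, never syntax."""
    query = "SELECT username, password FROM users WHERE id=?"
    rows = conn.execute(query, (user_id,)).fetchall()
    return {"query": query, "rows": rows, "error": None}


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print("input:", repr(value))
        print("  vulnerable:", vulnerable_lookup(db, value))
        print("  safe:      ", safe_lookup(db, value))
```

Running the block prints the clean lookup returning the alice row, the injected lookup returning an error whose text quotes the broken `'1''` fragment, and the parameterized lookup simply returning no rows for `1'`. That difference in behaviour, error versus empty result, is the signal the article's Step 1 relies on.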

Read the full article: How to Perform Manual SQL Injection With Error Based String Method, by Bala Ganesh at GBHackers On Security.
