Welcome to Mobilarian Forum - Official Symbianize forum.

Join us now to get access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, and so, so much more. It's also quick and totally free, so what are you waiting for?

Blind sql injection

Alexhost
nethanker 0

nethanker

Abecedarian
Member
Access
Joined
Aug 27, 2014
Messages
111
Reaction score
55
Points
28
grants
₲2,707
10 years of service
Blind SQL injection technique is used when the web application is vulnerable but the output does not display to the attacker. When hacker tries SQL injection, they will redirect to some other pages instead of error message. Blind SQL Injection is harder to implement when compared with the above Traditional SQL Injection Technique, it will take more time . There are some tools for Blind SQL Injection.

sql+injection.jpg


Blind SQL injection can be done by querying the database with sequence of true/false questions.

How to detect the Blind SQL Injection Vulnerability?

Web application gets the clients input and supplied in where clause to retrieve data from Database. For instance, let us say the web application gets id and supplied to the sql query as follows

Code:
Please, Log in or Register to view codes content!

Hope you know about where clause and compound conditions (OR, AND). OR and AND are used to combine two conditions. The attacker can find the vulnerability by entering the compound conditions as input.
For instance, the attacker can enter id value as

1 AND 1=1

The above query will become

Code:
Please, Log in or Register to view codes content!

If the page remains on the same page, then the application may be vulnerable. This type of vulnerability occurs when the developer fails to validate the data type of ID. Here we give true condition (1=1). So if use false condition (1=2), it will raise an error message. We can conclude that if the condition is true, it remains in page. If false, showing error message.

Some Functions to be known

The following function will be useful for Blind SQL Injection.
substring(str, pos, length) is the function that returns the part of the String. sub string of the string is depending on the argument given to the function.

For instance substring(“hello”,2,1) will returns ‘e’.
Here string is “hello”, character position is 2 (that is ‘e’), and length is 1.

  • lower(str) is the function that converts the character to lower case
  • ascii(c) is the function that converts the character to ASCII value.
  • length(str) returns the length of the string .
  • user() returns the current user(admin)
  • database() returns the database name.
  • version() retruns the version of database

Blind Sql Injection Tools:

When come to Blind Sql Injection vulnerability, it will time consuming process. So Automated tools are better than manual process. Here are list of Automated Tools

SQL InjectMe : https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me
Blind Sql Injection Brute Forcer: http://code.google.com/p/bsqlbf-v2/downloads/list
Sqlsus: http://sqlsus.sourceforge.net/download.html

credits to sir darknight/chf
 
S 0

SouthAutoKid

Squaddie
Member
Access
Joined
Oct 20, 2023
Messages
230
Reaction score
65
Points
28
grants
₲827
4 months of service
still working pa ba boss ang sql injection?

salamag po sa info boss
 
Top Bottom