
Blind SQL injection works by asking the database a sequence of true/false questions.
How to detect the Blind SQL Injection Vulnerability?
The web application takes the client's input and places it in the WHERE clause of a query to retrieve data from the database. For instance, suppose the application takes an id and passes it to the SQL query as follows:

Statement = "select * from userinfo where id='" + id + "'";

You probably know about the WHERE clause and compound conditions (OR, AND): OR and AND combine two conditions. An attacker can find the vulnerability by entering a compound condition as input.
For instance, the attacker can enter the id value as
1 AND 1=1
The above query will become
Select * from userinfo WHERE id=1 AND 1=1

If the page stays the same, the application may be vulnerable. This type of vulnerability occurs when the developer fails to validate the data type of id. Here we gave a true condition (1=1). If we use a false condition (1=2) instead, the page shows an error message. So we can conclude: if the condition is true, the page stays the same; if it is false, an error message is shown.
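The two lookups below, written here as an added example (not code from the original page), show the concatenated query the text describes beside a hardened version that checks the type of id and binds it as a parameter; the userinfo table, its rows and the function names are constructed for the example. page_differs() is the page's own check, as a developer would run it against their own lookup: a true and a false condition giving different results means the input reached the WHERE clause as SQL.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the page's userinfo table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinfo (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO userinfo VALUES (?, ?)",
                     [(1, "alice"), (2, "bob")])
    return conn

def lookup_vulnerable(conn, user_id):
    """Builds the query by string concatenation, like the page's Statement."""
    sql = "SELECT * FROM userinfo WHERE id=" + user_id
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id):
    """Hardened form: validate the data type of id, then bind it as a parameter
    so the driver never treats the value as SQL text."""
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute("SELECT * FROM userinfo WHERE id=?",
                        (int(user_id),)).fetchall()

def page_differs(conn, lookup, true_input, false_input):
    """The page's detection test, as a self-check for a lookup function:
    True when a true condition and a false condition give different results."""
    try:
        true_rows = lookup(conn, true_input)
        false_rows = lookup(conn, false_input)
    except ValueError:
        return False  # input rejected before it reached the database
    return true_rows != false_rows

if __name__ == "__main__":
    db = make_db()
    # Vulnerable lookup: "1 AND 1=1" returns the row, "1 AND 1=2" returns nothing.
    print(page_differs(db, lookup_vulnerable, "1 AND 1=1", "1 AND 1=2"))  # True
    # Hardened lookup: both inputs are rejected by the type check.
    print(page_differs(db, lookup_safe, "1 AND 1=1", "1 AND 1=2"))        # False
```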
Some functions to know
The following functions are useful in blind SQL injection.
- substring(str, pos, length) returns part of a string; which part depends on the arguments given. For instance, substring("hello", 2, 1) returns 'e': the string is "hello", the character position is 2 (that is, 'e') and the length is 1.
- lower(str) converts the string to lower case.
- ascii(c) converts the character to its ASCII value.
- length(str) returns the length of the string.
- user() returns the current database user (for example, admin).
- database() returns the database name.
- version() returns the version of the database.