# SQLI

###### tags: `sqlInjection` `web`

https://www.youtube.com/watch?v=1nJgupaUPEQ&list=PLuyTk2_mYISLaZC4fVqDuW_hOk0dd5rlf

## Learning Target

- What is SQL injection
- How do we exploit it
- How do we prevent it

# What is the SQL injection

A vulnerability that consists of an attacker interfering with the SQL queries that an application makes to its database.

## Impact of SQLI attacks

![](https://i.imgur.com/ETFCKVl.png)

# Overview

## In-band (classic)

![](https://i.imgur.com/mmC4ou6.png)

---

![](https://i.imgur.com/lZBbyAu.png)

---

### Types

![](https://i.imgur.com/e9tZJy2.png)

## Inference (blind)

![](https://i.imgur.com/wZESvzD.png)

---

### Types

![](https://i.imgur.com/9ztYiDc.png)

![](https://i.imgur.com/WkrNzdK.png)

We could then use a Python script to confirm the hash.

Pseudocode (it hasn't been implemented yet):

```python
import string

CHARACTERS = string.ascii_letters + string.digits  # candidate characters to try

def get_server_response(position, character):
    """Return True if the server's response indicates that `character` is
    correct at `position`. Placeholder: the request is not implemented yet."""
    raise NotImplementedError

def confirm_hash():
    confirmed_hash = []
    while True:
        position = len(confirmed_hash)
        for character in CHARACTERS:  # try another character
            if get_server_response(position, character):
                confirmed_hash.append(character)
                break
        else:
            # no candidate matched at this position: the hash is complete
            return "".join(confirmed_hash)
```

## Out-of-Band

![](https://i.imgur.com/gFal8wK.png)

![](https://i.imgur.com/b38QbhM.png)

# How do we find it

## black box

## white box

## Reference

Out of band: https://infosecwriteups.com/out-of-band-oob-sql-injection-87b7c666548b
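
Added example (not from the original notes or the linked video): the query-building pattern described under "What is the SQL injection", beside the parameterized form that answers "How do we prevent it". The `users` table, its rows and the two inputs are constructed sample data, and the query runs against an in-memory SQLite database.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table; names and rows are sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")],
    )
    return db

def lookup_vulnerable(db, name):
    # Input is pasted into the SQL text, so quotes in `name` become SQL syntax.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # The SQL text is fixed; `name` is bound as data and never parsed as SQL.
    return db.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()

# Constructed inputs: one ordinary value, one that changes the WHERE clause.
BENIGN = "alice"
TAUTOLOGY = "nobody' OR '1'='1"

def compare(db=None):
    """Return the number of rows each lookup hands back for each input."""
    if db is None:
        db = make_db()
    return {
        label: {
            "vulnerable": len(lookup_vulnerable(db, value)),
            "parameterized": len(lookup_parameterized(db, value)),
        }
        for label, value in (("benign", BENIGN), ("tautology", TAUTOLOGY))
    }

if __name__ == "__main__":
    for label, counts in compare().items():
        print(label, counts)
```

With the concatenated query the second input returns every row in the table; with the bound parameter it is compared as a literal name and matches nothing.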