Before explaining the Blind SQL Injection vulnerability, let's take a look at what SQL and SQL Injection are. Once we know what they are, we can learn about Blind SQL Injection without difficulty. I wish you a pleasant reading...
What is SQL?
SQL actually stands for database management system language. It is definitely not a programming language. It is also known as the database ancestor of websites. If the sites we register on over the Internet did not have a database, that data would simply be stored on the computer, and we would call it raw data. The operation of the SQL system is actually fairly simple. We call "queries" the actions taken to make information pass through processing in certain ways. This query operation can only be done using SQL, and many data operations are performed by means of it.
Using an SQL database is actually a great advantage for users and programmers. Thanks to SQL, we can find the data we are looking for without difficulty, which saves time in the search process. It helps us collect the information held in memory into a single file. SQL databases are used in many places: hospitals, banks, public institutions, libraries and online payment systems. Initially there were two different kinds of application: Flat-File and Relational databases. A flat-file database is a simple application compared to the other: the processed data is collected and stored in one place. A relational database application, on the other hand, establishes relationships between files that have no obvious similarity; it groups and stores data according to those relationships. This is the connection between the database and SQL.
A management system is needed at the stage of querying, retrieving and finding this data. SQL comes into play in querying and passing on information. It is a language designed to find the files we are working on among the other files. Before moving on to SQL Injection, let's briefly talk about the MySQL and MsSQL databases.
What is MySQL?
It is a database that uses the open source model and is one of the databases preferred by hosting companies. MySQL, as the name suggests, is a database that requires special server software and an internet application when creating websites. It provides fast access to data while storing big data with its own tools. For this reason, most developers are able to control their databases better using MySQL.
What is MsSQL?
MsSQL, also known as Microsoft SQL Server, is a system where data is stored comfortably. It is a relational database management system that stores detailed data and allows many users to work with it at the same time. The images, texts, text states and membership information that we see on the Internet can all be stored as MSSQL data. It allows data to be saved as an ordered system sequence during processing, which is why it is preferred in programming languages.
What is SQL Injection?
SQL Injection is a malicious code injection technique that is used to attack databases. Through an SQL injection vulnerability, an attacker can access user information and other information on websites, escalate privileges, and delete all the information in the database. The purpose of the attackers carrying out this attack is information theft; in this way they make a quick profit for themselves. To be protected from SQL injection attacks, we must keep the database security software up to date. In general, there are four types of SQL Injection vulnerability, but only two of them are actively used: 1. Error-based (the application gives an error message), 2. Blind SQL Injection. On sites with error-based vulnerabilities, adding a ' (single quote) to the end of the URL is usually enough to make the vulnerability obvious. SQLmap is used to retrieve the information in the database. Before explaining Blind SQL Injection, let's talk about the use of SQLMAP, since this tool plays an effective role in data extraction.
1-Error Based SQL Injection
Initially, the goal is to force the application to make mistakes. This vulnerability has two variants: Union and Double. Union is used to combine two or more SELECT statements in error-based exploits. Double, on the other hand, tries to trigger an error in order to combine two queries into a single query expression with the same error-based vulnerability. If it gives an error, an SQL injection vulnerability is identified. Let's take an example via Login Bypass.
Code:
Username: frn1
Password: admin1
This is how it appears in the SQL query system.
Code:
SELECT * FROM Users WHERE Username = 'frn1' AND Password = 'admin1'
The attacker can take many actions in this situation.
Code:
Username: frn1
Password: ' OR 1=1--
Code:
SELECT * FROM Users WHERE Username = 'ahmet' AND Password = '' OR 1=1--'
2- Blind SQL Injection
Information about tables, columns or other technical details of the database cannot be read directly from the database system, but if we guess the requested information letter by letter, correct results can be obtained. Doing this manually is therefore difficult, and once this vulnerability is detected, automated tools are used to exploit it. Blind SQL injection is divided into Boolean-based and Time-based types. Boolean-based injection uses queries that behave according to a logical (True/False) expression. Time-based injection is used to understand whether the injection is working when this is not visible from the query results. It is a trial-and-error method. As an example URL:
Code:
https://teknomen.com/index.php?id=74'and 2=4
Looking at the URL, the expression 2=4 is false, so either an error is returned or a change on the page is observed. If the page gives an error, we can reach the user information through that link.
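The following is an added example, not code from the original post. It models both cases described above in Python with an in-memory SQLite database: the login bypass from section 1 (the Username/Password query built by string concatenation, and the ' OR 1=1-- password) and the Boolean-based blind case from section 2 (an index.php?id=74 style page where "and 2=2" and "and 2=4" give different results). The Users and Articles tables, the handler functions, and the has_boolean_oracle check are all assumptions constructed for the example; the point is to show, side by side, why the vulnerable query behaves as the post says and why the parameterised version does not.

```python
import sqlite3

# Constructed sample database for this example (not from the original post):
# a Users table for the login-bypass case and an Articles table for the
# index.php?id=74 case.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY, Username TEXT, Password TEXT)")
    con.executemany(
        "INSERT INTO Users (Username, Password) VALUES (?, ?)",
        [("frn1", "admin1"), ("ahmet", "s3cret")],
    )
    con.execute("CREATE TABLE Articles (id INTEGER PRIMARY KEY, title TEXT)")
    con.execute("INSERT INTO Articles (id, title) VALUES (74, 'Sample article')")
    return con


# --- Login bypass (section 1) -------------------------------------------

def login_vulnerable(con, username, password):
    """Builds the query by string concatenation. A password of ' OR 1=1--
    closes the quote, adds an always-true condition and comments out the
    rest, so the WHERE clause matches every row."""
    query = (
        f"SELECT * FROM Users WHERE Username = '{username}' "
        f"AND Password = '{password}'"
    )
    return len(con.execute(query).fetchall()) > 0


def login_safe(con, username, password):
    """Parameterised query: the driver sends the values separately from the
    SQL text, so ' OR 1=1-- is compared as a literal password and never matches."""
    query = "SELECT * FROM Users WHERE Username = ? AND Password = ?"
    return len(con.execute(query, (username, password)).fetchall()) > 0


# --- Boolean-based blind injection (section 2) --------------------------

def article_vulnerable(con, id_param):
    """Models index.php?id=...: the id is pasted into a numeric context, so
    '74 and 2=4' becomes part of the WHERE clause and decides the result."""
    row = con.execute(f"SELECT title FROM Articles WHERE id = {id_param}").fetchone()
    return row[0] if row else None


def article_safe(con, id_param):
    """Rejects anything that is not an integer, then binds it as a parameter."""
    try:
        article_id = int(id_param)
    except ValueError:
        return None
    row = con.execute("SELECT title FROM Articles WHERE id = ?", (article_id,)).fetchone()
    return row[0] if row else None


def has_boolean_oracle(handler, con, base_id="74"):
    """Defender-side check (hypothetical helper): does a true condition behave
    like the plain request while a false condition behaves differently? If so,
    the parameter leaks one bit per request, which is what blind injection
    relies on. A handler that rejects or ignores the appended condition gives
    the same answer in both cases and therefore leaks nothing."""
    baseline = handler(con, base_id)
    when_true = handler(con, f"{base_id} and 2=2")
    when_false = handler(con, f"{base_id} and 2=4")
    return when_true == baseline and when_false != baseline


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"
    print("vulnerable login bypassed:", login_vulnerable(db, "frn1", payload))        # True
    print("safe login bypassed:      ", login_safe(db, "frn1", payload))              # False
    print("vulnerable page has oracle:", has_boolean_oracle(article_vulnerable, db))  # True
    print("safe page has oracle:      ", has_boolean_oracle(article_safe, db))        # False
```

The SQLite `--` comment works the same way as in MySQL for this purpose, so the concatenated login query really collapses to `(Username = 'frn1' AND Password = '') OR 1=1`. The fix in both handlers is the same: never let user input reach the SQL grammar, either by binding it as a parameter or by validating it into the exact type the column expects before it is used.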