How I Got SQL Injection
Hi guys.
I'm going to explain how I got SQL injection the easy way.
At first I browsed to the login page (a normal login page).
In the beginning I tried default credentials, but it didn't work. The second decision was to check the source code, but after a while I hadn't found anything interesting.
Then I tried login bypasses like admin'-- and all bypasses.
Then I tried NoSQL [$ne], but it also didn't work.
I also tried the Host header in the request, X-Forwarded-For, X-Original-URL and the most common headers, but unfortunately it didn't work.
After trying all of that, I decided to check the JS files.
Finally I found another endpoint (an internal login page for employees):
https://example.com/path/users/UserLogin2.aspx
I intercepted the request, injected a single quote (') in the username field and got a SQL error in the response!
Then I injected a SQL query to get the true ordering using ' OrDeR/**/By 10000--
As you see, the error shows that the ordering number is false. And I got the true number.
I tried to get the version of the DBMS with ' UNiOn/**/SelecT null,null,@@version --
Then I got the database name with ' UNiOn SelecT null,null,db_name() --
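
A defender-side view of the probes above, as an added example that is not part of the original post: a Python sketch that normalises a logged username value (URL-decoding, treating inline comments as whitespace, lowercasing) before matching, because the mixed case and /**/ in these payloads get past naive keyword filters. The rule names, the sample values and the assumption that the raw field value is available in request logs are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample values for the login form's username field (not real traffic).
SAMPLES = [
    "alice",
    "o'brien",  # legitimate name: a lone quote is not flagged by itself
    "' OrDeR/**/By 10000--",
    "' UNiOn/**/SelecT null,null,@@version --",
    "%27%20UNiOn%20SelecT%20null,null,db_name()%20--",
]

# Hypothetical rule set, applied to the normalised value only.
RULES = {
    "order_by_probe": re.compile(r"'\s*order\s+by\s+\d+"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "mssql_metadata": re.compile(r"@@version|\bdb_name\s*\("),
    "trailing_comment": re.compile(r"--\s*$"),
}

def normalize(value: str) -> str:
    """Undo the obfuscation seen in the write-up before any matching."""
    value = unquote_plus(value)  # assumes the log holds the still-encoded value
    value = value.replace("\u2018", "'").replace("\u2019", "'")  # typographic quotes
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # /**/ acts as whitespace
    value = re.sub(r"\s+", " ", value)
    return value.lower().strip()

def classify(value: str) -> list[str]:
    """Return the sorted names of the rules the normalised value matches."""
    norm = normalize(value)
    return sorted(name for name, rx in RULES.items() if rx.search(norm))

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:55} -> {classify(sample)}")
```

Matching like this belongs in alerting on the internal endpoint's logs; the fix for the flaw itself is a parameterised query for the username lookup and suppressing database error text in responses.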