1)ODBC Error Message Attack with "CONVERT"
2)ODBC Error Message Attack with "HAVING" and "GROUP BY"
3)MSSQL Injection with UNION Attack
4)MSSQL Injection in Web Services (SOAP Injection)
5)MSSQL Blind SQL Injection Attack
Here m going to explain the first one "sql with convert"
STEP 1:
First we need to find a vulnerable site.
By adding a single quote (') double quote (";") or a semicolon to the field under test.
eg:
http://www.example.com/news.asp?id=10'
http://www.example.com/news.asp?id=10;
It's vulnerable in SQL injection,If the output shows some error like this:
[HTTP Response]------------------------------------------------------------------------------
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the
character string ''.
/news.asp, line 52
[End HTTP Response]-------------------------------------------------------------------------
Also error could be something like below
Microsoft OLE DB Provider for SQL Server error '80040e14 '
Open quotation mark after the character string ") AND (Volgorde> 0) ORDER BY Volgorde '.
..../ main_rub.asp, line 4
If the errors like above are shown then site could be vulnerable in SQL
Also you can find vulnerable site from google dork.
eg
inurl:age.asp?id=
inurl:index.asp?sid=
u can see sql dorks in my old posts.
STEP 2:
Now we got our vulnerable website.
CONVERT command is used to convert between two data types and when the specific
data cannot convert to another type the error will be returned.
Posts
0 comments:
Post a Comment