Sneaker's Stub - The Grey Stuff!

SQL Injection part 3: Identifying String Data or Numeric Data

This is my third post on SQL Injection, The first post SQL Injection part 1 was just a basic one to check if the SQL vulnerability exist on a certain website and SQL Injection part 2 shows how to exploit the SQL vulnerability. We inject SQL in three parameters, namely:

  1. String Data
  2. Numeric Data
  3. Query structure

In this post we are talking about String and Numeric Identification. I created my own database and my own small testing website to see how strings and Numeric vulnerability can be identified and how they both can be exploited.


String Data Exploitation


Take A Look at the Following Code Line:

 $que="SELECT username FROM hack where id='$id'";

In the above Code line, “id” parameter is in single quotations means it is taking string parameters. We can use the following code to get through:

‘OR’1’=’1

http://127.0.0.1/gethack.php?id=1’OR’1’=’1

This makes the following code look like:

 $que="SELECT username FROM hack where id='1 'OR'1'='1'";

and hence the database sees it as:
id=1 or ‘1’=’1′


Numeric Data Exploitation


Take A Look at the Following Code Line:

 $que="SELECT username FROM hack where id=$id";

The id Parameter is not contained within single quotes because SQL processes the numeric data without quotes and hence the injection to this type of query is easier to understand and exploit.
To exploit it we use:

 $que="SELECT username FROM hack where id=1 OR 1=1";

This query doesn’t need quotations.



Leave a Reply