Presume
Make a guess about what SQL query the server might be using.
Based on the results, infer what the server is doing: for example, whether it performs authentication and identification at the same time or separately, and whether a search for the term "over" also finds "overwatch".
Vulnerability Assessment
Check whether SQL injection is possible.
Avoid using comments in queries as much as possible.
Check whether the login authentication and identification are separated or done together.
Select SQL Query
Choose an appropriate SQL injection method based on whether a list is displayed or not when searching.
For example, if a list is displayed, use In-band SQLi. If an error message is displayed, use Error-based SQLi. If only login failure messages are displayed, use Blind SQLi.
Identifying Data Output Locations
If a list is displayed, determine how many columns are being used, as the number of columns displayed may differ from the number of columns searched by the server.
Create Base SQL Injection
Create a basic template to avoid mistakes later.
Retrieve Database, Table, and Column Names
Now that the SQL query to use and the data output position have been identified, retrieve the necessary information.
Extract Data
SQL injection successful.
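The query shapes the "Presume" and "Vulnerability Assessment" steps ask about, shown from the server side as an added example (not code from the original post): a partial-match search built by concatenation next to its parameterized form, and a login done in one query versus split into identification and authentication. The table, column and function names and the sample rows are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import sqlite3

def pw_hash(password):
    # Unsalted SHA-256 keeps the example short; use a password KDF in practice.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    # Constructed sample data; the schema is an assumption for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE games (id INTEGER, title TEXT)")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO games VALUES (?, ?)",
                   [(1, "overwatch"), (2, "starcraft")])
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("s3cret")))
    return db

def search_concat(db, term):
    # Vulnerable shape: user input becomes part of the SQL text.
    sql = "SELECT title FROM games WHERE title LIKE '%" + term + "%'"
    return [r[0] for r in db.execute(sql)]

def search_param(db, term):
    # Hardened shape: input is bound as data and LIKE wildcards are escaped.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM games WHERE title LIKE ? ESCAPE '\\'"
    return [r[0] for r in db.execute(sql, ("%" + esc + "%",))]

def login_together(db, name, password):
    # Identification and authentication decided by a single query.
    row = db.execute("SELECT name FROM users WHERE name = ? AND pw_hash = ?",
                     (name, pw_hash(password))).fetchone()
    return row is not None

def login_separated(db, name, password):
    # Identification in SQL, authentication compared in application code.
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

def quote_check(db, term="o'neil"):
    # A single quote in the input breaks the concatenated query, not the bound one.
    try:
        search_concat(db, term)
        concat_ok = True
    except sqlite3.OperationalError:
        concat_ok = False
    return concat_ok, search_param(db, term)
```

In the bound versions a quote or a `%` in the input is only ever data, so the assessment step finds nothing to work with regardless of which login shape the server uses.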