Monday, May 5, 2008

Mysql - SQL Injection

Hi, here are the steps needed to extract data from a Mysql Database through SQL Injection automation. This will be useful for penetration test, when you need to craft your own tool because the ones that are available fails...

Let's get to work, first we need to get the schemas (Databases):

"SELECT table_schema FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema' limit 1,1"

Once we know which database we want to extract data, we proceed to list the tables:

"SELECT table_name FROM information_schema.tables where table_schema = 'MYSCHEMA' limit 1,1"

MYSCHEMA = obtained schema from query 1

Now that we have the tables, we will go for the columns:

"SELECT column_name FROM information_schema.columns WHERE table_schema ="MYSCHEMA" and table_name = 'MYTABLE' Limit 1,1"

MYTABLE = obtained from query 2

And after this process you know the Schema (Database), the tables and the columns, so you can create the query to extract the data you want or think it will be interesting for the penetration test.

Another interesting query for penetration testing, is the one that can create a bruteforce attack
to find which table has a column named X.

"SELECT table_name FROM information_schema.columns WHERE column_name like '%MYWORD%' limit 1,1"

MYWORD= a word taken from a dictionary

Now is all about of putting this together in a script for automation. You can check Pblind for a SQL Injector script, the next release will have this feature included.

If you have another idea, please let me know.


No comments:

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...