So, this is my very first writeup, on SQL injection, which is typically associated only with databases and their data but can actually be used as a vector to gain a command shell. Hope you guys like it and get some insight from this writeup.
Background of mine: I have been wasting a hell of a lot of time learning and figuring things out on my own about hacking into web applications since last year. I do have a typical IT background, but that does not come into play at all. Over the past few months, I have been pushing myself toward vulnerabilities that have a good impact.
Let's get started with what we are here for. No time wasting ;)
I cannot disclose the target as it is still not patched, so let's assume we have vulnerabletarget.com.
I was browsing this target website and checking out the normal functionalities, which I usually do before testing any website. I had already fingerprinted its technologies at this point, and thought of giving SQL injection a try.

Which failed, obviously, due to my overconfidence.

No worries. I had gathered a bunch of .php URLs with parameters, and that is the best place to try your luck on SQL injection. Now, I gave the id=* which I had manually tested, and got an error as well.


I was happy at this moment and about to shut down, but it was night and I had the whole night in front of me to hack. I was thinking about what more to do with this.

I was like, why not give them a shell when they gave me a SQLi? Let's see this part also.


If you are here, NOICE! You will do it someday way better than me, as I still did not do it well, since it is 3:00 AM.

Peace out!!
Sahil
Sahil Ojha