The website database used is of the Structured Query Language type or often referred to as SQL. In addition, injection on websites that use databases depends on the database security system.
How to hack a website using SQL Injection is often done or used by hackers or hackers to retrieve the desired website information.
For those of you who want to learn how to hack or hack websites using SQL injection, don’t worry.
Because we have prepared an explanation of how to hack a website with SQL Injection in our review below.
How to Hack Website With SQL Injection
How to Hack Websites With SQL Injection Easily
 |
| How to Hack Websites With SQL Injection Easily |
You need to know that every website has its own web address and is different from other web addresses.
The database of each website is located at the back of the website which is connected to a server or database that can be used according to how the website works.
For how to hack a website with SQL Injection, you can follow the method that we have summarized in the following explanation.
A. First Step
Websites that use a database will usually be seen if the website page uses a sign (=) and numbers are in the contents of the website database.
But for some websites do not use signs like that, but use the example below:
B. Second Step
The form of injection varies depending on how you do the injection of a website database.
The injection that is often used on websites is to use a String (‘) sign. Like the example below:
If you have already marked the SQL Injection code injection, it will have an impact on the appearance depending on the security of the website that you are going to hack.
If the website database does not have sufficient security, it will display the word “Error”.
C. Third Step
If you have succeeded in displaying the word “Error” in the database of a website, then you can directly call the database table one by one by using a certain injection code that can not display the word “Error”. Example Like the following:
https://www.example.com/terbaru/berita.php?id=21’+order+by+1–+
https://www.example.com/terbaru/berita.php?id=21’+order+by+2–+
https://www.example.com/terbaru/berita.php?id=21’+order+by+3–+
https://www.example.com/terbaru/berita.php?id=21’+order+by+……..
Notes:
Doing “ORDER+BY+(table/column number)” starting from number 1, the website page display returns to normal, then the “ORDER BY” request is reused until the website displays the SQL Injection Error characteristics again.
D. Fourth Step
Take all the number of requests “ORDER BY” which displays the websites as before or normal.
You or the hacker will do a Union Injection which will be a “Union Select” request like this example:
https://www.example.com/terbaru/berita.php?id=21’+order+by+12–+
https://www.example.com/terbaru/berita.php?id=-21’+union+select+1,2,3,4,5,6,7,8,9,10,11,12- -+
You need to see before the page number that was injected was -12 and numbers below 12 will be written down all the way to the last number, which is 1.
E. Fifth Step
The display of this website page will display an Error in SQL Injection or “Union-Injection” but the only difference is the error numbers such as numbers 2 and 4.
F. Sixth Step
Then you know the hacker will make a request on the results of the numbers shown by Union-Injection, namely numbers 2 and 4.
The code is called Dump In One Shot “DIOS” which means dumping the injection results into the website database page as in the following example:
https://www.example.com/terbaru/berita.php?id=-21’+union+select+1,2,3,(DIOS),5,6,7,8,9,10,11, 12–+
G. Seventh step
Finally, the results of Dump In One Shot “DIOS” can display the user-database, database name and can also perform dupm to all tables so that the information in the database is not lost.
The final word
So that’s what we can convey or explain how to hack a website using SQL Injection.
In addition, to overcome this SQL injection website hack, the developer or programmer must prohibit the provision of query strings and website source code that is connected to the database.
By prohibiting the provision of query strings or source code, you can overcome or prevent hacking actions on websites.
We need to remind you not to use the method above to take website retrieval or criminal actions that can harm you.
For more details, you can continue to listen to our website so you don’t miss other information about how to hack a website.
This is the entire contents of our explanation this time about How to Hack Websites With SQL Injection. That is all and thank you.
