336 Chapter 14 ■ SQL Injection
Running a scan with either of these tools will give you information about where you
may have SQL Server installations that you are unaware of.
Database Server Password Cracking
After a database has been located, the next step an attacker can take is to see whether
the password can be broken. One feature included in SQLPing 3.0 is a password-cracking
capability that can be pointed at a database server to guess its login passwords.
The cracking is dictionary based, so it recovers only weak or default passwords (a blank
or easily guessed sa password is the classic case); each guess is a failed login that
SQL Server can record in its error log, so the activity is far from silent.
Anatomy of a SQL Injection Attack
The potential attacks that can be performed to leverage the flaws in poorly designed
websites are beyond count. The seemingly endless combinations of technologies and
environments lend themselves to plenty of different attacks.
In this section we will examine a basic attack against a website to see how this works
in practice. Note that this is only one type of SQL injection. In the wild these attacks may
take many different forms.
Acquiring a Target for Attack
Before you can attack a target, you must first have a target. To find a target you can use
various techniques, but let’s use some good old Google hacking.
If you recall, Google hacking is the use of advanced search operators such as inurl: to
narrow results to pages with particular characteristics. With a little trial and error you
can find a website that is vulnerable to an attack. There are numerous search queries you
can use; the following look for dynamic pages that pass an identifier in the query string,
which is exactly the kind of parameter that tends to be dropped straight into a query:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
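The dorks above only produce candidate URLs; the "trial and error" step is to append a stray quote to the numeric parameter and look for a database error in the response. The following Python script, an added example that is not code from the chapter or from any tool it names, automates that screening. The URLs, the fetch function and the canned responses are constructed stand-ins for a search-result list and a live web server; in real use fetch would be an HTTP client, and you would run this only against systems you are authorized to test.

```python
"""Screen dork-style candidate URLs for error-based SQL injection.

Added example, not code from the original chapter. fake_fetch and the URLs it
knows are constructed for the demo; swap in a real HTTP client for fetch.
"""
import re
from urllib.parse import urlparse, parse_qsl, urlencode, urlunparse

# Error strings that common engines emit when a stray quote breaks a query.
# Seeing one in the response to a probe is strong evidence of injection.
SQL_ERROR_PATTERNS = [
    r"You have an error in your SQL syntax",                 # MySQL / MariaDB
    r"Unclosed quotation mark after the character string",   # Microsoft SQL Server
    r"ORA-01756: quoted string not properly terminated",     # Oracle
    r"unterminated quoted string at or near",                # PostgreSQL
    r"unrecognized token:",                                  # SQLite
]
_SQL_ERROR_RE = re.compile("|".join(SQL_ERROR_PATTERNS), re.IGNORECASE)


def candidate_params(url):
    """Return query parameters whose values are plain integers.

    This is the pattern behind dorks such as inurl:index.php?id= : a numeric
    id is usually passed straight into a WHERE clause, so test it first."""
    qs = parse_qsl(urlparse(url).query, keep_blank_values=True)
    return [name for name, value in qs if value.isdigit()]


def probe_url(url, param, marker="'"):
    """Rebuild url with marker appended to param; other params are untouched."""
    parts = urlparse(url)
    qs = parse_qsl(parts.query, keep_blank_values=True)
    new_qs = [(n, v + marker if n == param else v) for n, v in qs]
    return urlunparse(parts._replace(query=urlencode(new_qs)))


def has_sql_error(body):
    """True when the response body contains a database error string."""
    return _SQL_ERROR_RE.search(body) is not None


def screen(urls, fetch):
    """Probe every numeric parameter of every URL; return (url, param) hits.

    fetch(url) -> str must return the response body for url."""
    hits = []
    for url in urls:
        for param in candidate_params(url):
            if has_sql_error(fetch(probe_url(url, param))):
                hits.append((url, param))
    return hits


# Constructed responses standing in for a web server (not real sites).
_FAKE_RESPONSES = {
    "http://shop.example/buy.php?category=3%27":
        "<html>Warning: mysql_fetch_array(): You have an error in your SQL "
        "syntax; check the manual near ''3''' at line 1</html>",
    "http://news.example/article.php?id=17%27":
        "<html><h1>Article 17</h1><p>Unchanged content.</p></html>",
}


def fake_fetch(url):
    """Stand-in for an HTTP GET; returns the canned body for known URLs."""
    return _FAKE_RESPONSES.get(url, "<html>404 Not Found</html>")


if __name__ == "__main__":
    targets = [
        "http://shop.example/buy.php?category=3",
        "http://news.example/article.php?id=17",
        "http://blog.example/page.php?file=about",   # non-numeric value: skipped
    ]
    for url, param in screen(targets, fake_fetch):
        print(f"likely injectable: {url} parameter {param}")
```

Only the first target trips the check: its probe comes back with a MySQL syntax error, while the second page ignores the quote and the third has no numeric parameter to probe. A page that swallows errors silently will not show up here; that case needs a blind technique (timing or boolean differences), which this screen deliberately does not attempt.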