-3

I am trying to fetch bulk data from a website database but could not succeed. Can somebody suggest whether SQL injection is possible and how to do it in this case?


Venkata Dorisala
RanchiRhino

1 Answer

3

There are many ways to do SQL Injection to a website similar to the one you provided.

In the `where` clause it is expecting `ac_no`. I assume that this value is being passed from the browser as user input. In that case you can pass the `ac_no` value along with `or 1 = 1`, e.g. `where ac_no = 123 or 1 = 1`. It returns everything from the table `RollPdf1`.

For string comparison you can add `"" = ""` to the `where` clause.

If you want to perform other select operations (if you know other table names) then you can append select statements delimited by `;`.

UNION operator:

If you know the data types of the columns selected in the query then you can use UNION to get additional data from other tables.

e.g.

  Original query: `select name, age, sex from table1 where id = 1`

  SQL-injected query: `select name, age, sex from table1 where id = 1 AND 1 = 2 UNION select username, id, password from userstable` (or some other table).
Venkata Dorisala
  • It is able to give only one record at a time. I want multiple records, and I think there is application-level validation for that. – RanchiRhino Feb 05 '17 at 20:22
  • From the code which you shared, I don't think there is any application-level validation to restrict it to only one record. Because if you see the `if` condition there, if there is more than 1 record then it is displayed in the grid, otherwise probably just a few read-only fields. – Venkata Dorisala Feb 05 '17 at 20:38
  • You can try appending `OR 1 = 1` to the `ac_no` value. Post the error you get after trying it. – Venkata Dorisala Feb 05 '17 at 20:42
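
Added example, not part of the original question or answer: why the `or 1 = 1` case described in the answer works when `ac_no` is concatenated into the query text, and how a bound parameter plus input validation closes it. Only the names `RollPdf1` and `ac_no` come from the page; the schema, sample rows and function names are constructed, and `sqlite3` stands in for whatever database the site actually uses.

```python
import sqlite3


def make_db():
    # Constructed sample table; only the names RollPdf1 and ac_no are from the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE RollPdf1 (ac_no INTEGER, part_no INTEGER, file_name TEXT)")
    db.executemany(
        "INSERT INTO RollPdf1 VALUES (?, ?, ?)",
        [(123, 1, "a.pdf"), (124, 1, "b.pdf"), (125, 2, "c.pdf")],
    )
    return db


def lookup_concatenated(db, ac_no):
    # Vulnerable pattern: the user-supplied string becomes part of the SQL text,
    # so anything after the number is parsed as SQL.
    sql = "SELECT ac_no, file_name FROM RollPdf1 WHERE ac_no = " + ac_no
    return db.execute(sql).fetchall()


def lookup_parameterized(db, ac_no):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT ac_no, file_name FROM RollPdf1 WHERE ac_no = ?"
    return db.execute(sql, (ac_no,)).fetchall()


def lookup_validated(db, ac_no):
    # Defense in depth: reject anything that is not a plain integer,
    # then still use a bound parameter.
    if not (ac_no.isascii() and ac_no.isdigit()):
        raise ValueError("ac_no must be numeric")
    return lookup_parameterized(db, int(ac_no))


if __name__ == "__main__":
    db = make_db()
    user_input = "123 or 1 = 1"  # the value discussed in the answer
    print("concatenated :", lookup_concatenated(db, user_input))
    print("parameterized:", lookup_parameterized(db, user_input))
    try:
        lookup_validated(db, user_input)
    except ValueError as exc:
        print("validated    : rejected,", exc)
    print("validated 123:", lookup_validated(db, "123"))
```

For detection, an `ac_no` request value that fails the numeric check is worth logging, since legitimate clients never send one.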