Forum Thread: What Database?

So I want to test a website for SQL injection, BUT how do I find out what database it's using, or if it's even using a database at all (but it has to, as there are all kinds of forms)?

Can't find any useful info anywhere.
Thanks

5 Responses

You should first try to find out if said website uses a known CMS (like WordPress, vBulletin, Magento...). Look in the page source for relevant metadata, comments, copyright notice to find out. Fingerprint your target, first things first.

Second, you can try known vulns for that CMS, or in case it's a custom one, you have to tinker with user input by yourself (check GET, POST parameters etc.). Don't forget to check cookies and browser headers as well, as amateur custom-made CMSs always leave big holes.

When something goes wrong, the error page will likely tell you what kind of DB is on the backend.

Also, make sure you are authorized by the site admins to perform such tests before starting.

Good luck!

"You should first try to find out if said website uses a known CMS"
"Second, you can try known vulns for that CMS"

It's custom made, so no "standard" CMS vulns, and it's custom made by a pretty professional programming agency so ...

"Also, make sure you are authorized by the site admins to perform such tests before starting." - always

It's made by a friend of mine and I am testing my "skills" on a live example - that could potentially help him.

PS: he made me a test account to help me - would this matter in finding what I am looking for?

Well then, just start a manual search for page inputs and try to insert unexpected values and see how the server reacts. Or, if you want to do something more automatic, Burp Suite is a program that you might want to check out. But if you're still learning, start with manual search to better understand what you are doing. When you know how it works, the automated process will save you some time with the boring stuff.

sqlmap is pretty straightforward for SQL injection.

Still can't manage to determine the database.
Here is what I've got so far:

When I am on the website (as guest):

GET /somepage HTTP/1.1
Host: blablabla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.2.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: guesttkt="f49fbae44feefd18e265d118f5d91df83629d9f5e3c0d65290007fc08a98be5d39b33e749ae8f3abf09dad70f6f208bf0ca436c11c934dce4d5b651050411f5555f42e81ZWE2OWI3Yw%3D%3D!guest\054issued-567f2e3d-1442066049!useridtype:b64str"; ga=GA1.2.1963213799.1442066051; gat=1; lang=en-US
Connection: keep-alive

After logging in:

GET /resources/member/somepage?=1442217704456 HTTP/1.1
Host: blablabla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.2.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://blablabla.com/something/
Cookie: guesttkt="f49fbae44feefd18e265d118f5d91df83629d9f5e3c0d65290007fc08a98be5d39b33e749ae8f3abf09dad70f6f208bf0ca436c11c934dce4d5b651050411f5555f42e81ZWE2OWI3Yw%3D%3D!guest\054issued-567f2e3d-1442066049!useridtype:b64str"; ga=GA1.2.1963213799.1442066051; gat=1; lang=en; authtkt="b151c1ae556cf85008e4fb8657a6c0b32f291ee02679edc8acf8a35dd86a773bb8801f2944674178d485a32f1f091eb27e69bcb400fb64b9657d517a714ac7d655f67ee7bnIzNGU%3D!member\054premium\054segpay-34645045\054active\054expire-1443229845\054issued-bc1ad054-1442217702!useridtype:b64unicode"
Connection: keep-alive
