  #1  
Old 8th February 2010, 01:28
 
Nancio
Question on SQL Injection and Absinthe

Hello

I want to try some blind SQL injections with Absinthe.
I have already tested manually that my target site is vulnerable to SQL injections, but in the manual of Absinthe it says that the target URL should also contain the specific port.

Is there any program / scanner with which I can find out the port of a website?

And furthermore, does it matter whether I use socks or proxies for my own security? Should I prefer socks like socks5 over proxies? I can specify both in Absinthe's options.

Another thing that surprised me was when I tested another site for SQL injection vulnerability, I added a ' to &id=' and content on the page disappeared.
But when I tried to do a next test with "and 1=1" and "and 1=2" nothing happened, no changes at all. Why is that?

I would be grateful for any help.
  #2  
Old 8th February 2010, 10:45
MaXe
Re: Question on SQL Injection and Absinthe

Quote:
Originally Posted by Nancio
Hello

I want to try some blind SQL injections with Absinthe.
I have already tested manually that my target site is vulnerable to SQL injections, but in the manual of Absinthe it says that the target URL should also contain the specific port.

The target port for HTTP is (almost) always port 80. For HTTPS it's port 443.

Absinthe is a cool program though I haven't really used it that much, I
prefer Pangolin (even the free edition is cool though Pro is a little better).

You should try it out, google this: Pangolin SQL Injection Tool

Quote:
Originally Posted by Nancio
Is there any program / scanner with which I can find out the port of a website?

NMAP is a Network Mapper / port scanner. However you don't need a program
or scanner in order to find the port. Here's a list of port numbers:
http://www.iana.org/assignments/port-numbers (eventually you'll remember the most common).

Quote:
Originally Posted by Nancio
And furthermore, does it matter whether I use socks or proxies for my own security? Should I prefer socks like socks5 over proxies? I can specify both in Absinthe's options.

That's all up to you, but keep in mind that even though it is possible to
send data through socks5 and socks4 proxies, you should use an
anonymous HTTP proxy in my opinion.

Personally I prefer tunneling data through SSH or VPN.

Quote:
Originally Posted by Nancio
Another thing that surprised me was when I tested another site for SQL injection vulnerability, I added a ' to &id=' and content on the page disappeared.
But when I tried to do a next test with "and 1=1" and "and 1=2" nothing happened, no changes at all. Why is that?

That is because no data is retrieved via the SQL query.

The query could have looked like:
Code:
SELECT * FROM articles WHERE id = '$id';
In your case if the site is secured properly the query would've looked like:
Example 1:
Code:
SELECT * FROM articles WHERE id = '\'';
Example 2:
Code:
SELECT * FROM articles WHERE id = '\" and 1=1';
Example 3:
Code:
SELECT * FROM articles WHERE id = '\" and 1=2';
When you don't know the code, you must know that there are different
ways to attack web applications. In some cases you will need ' , in others "
and in the third way you may need a blank space before the AND operator.

The reason why all of the above failed is because the query was incorrect.

Quote:
Originally Posted by Nancio
I would be grateful for any help.

No problem
__________________
Code:
                                ____/____\_________________
                      \|/      | OMG IT'S TEH LEET STORY!! |
    /*\         /\    -*-      |______  ________/\_________|
   // \\       /  \   /|\        /    \/    \  /  \
  /// \\\     /    \            /            \/    \
   // \\     /      \          /      \o/     \     \
    | |     /        \        /        |       \     \
 ___| |____/          \______/________/ \_______\_____\_________
          /     o      \
               #"=-
               /\
 __________________________________________________________
    On a mission, to find the lost member of Teh Unkwon.. 

Last edited by MaXe; 8th February 2010 at 10:47.
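
The behaviour explained in the reply above, as an added example that is not part of MaXe's post or the thread: the same request values are run once through a query built by string concatenation and once through a bound parameter. It assumes SQLite through Python's sqlite3 module and a constructed articles table (the thread does not name the site's database or language), and it uses parameter binding where the post describes escaping.

```python
import sqlite3

def make_db():
    # Constructed sample data: one table, two rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "first"), (2, "second")])
    return db

def fetch_concatenated(db, article_id):
    # Unsafe pattern: the request value becomes part of the SQL text.
    sql = "SELECT title FROM articles WHERE id = " + article_id
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def fetch_bound(db, article_id):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT title FROM articles WHERE id = ?"
    return [row[0] for row in db.execute(sql, (article_id,))]

def compare(inputs):
    # Map each request value to (concatenated result, bound result).
    db = make_db()
    return {value: (fetch_concatenated(db, value), fetch_bound(db, value))
            for value in inputs}

# A normal id plus the three test values discussed in the thread.
RESULTS = compare(["1", "'", "1 and 1=1", "1 and 1=2"])

if __name__ == "__main__":
    for value, (concat, bound) in RESULTS.items():
        print(f"{value!r:12} concatenated={concat!r:28} bound={bound!r}")
```

With the bound parameter, the lone quote and both boolean tests are looked up as literal ids that match no row, so the page loses its content for the quote and shows no difference between the two boolean tests.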
  #3  
Old 8th February 2010, 12:23
 
ccoder
Re: Question on SQL Injection and Absinthe

MaXe, pangolin isn't infected? I have heard all versions are backdoored by the coder.
__________________
I love InterN0T
  #4  
Old 8th February 2010, 12:33
MaXe
Re: Question on SQL Injection and Absinthe

Quote:
Originally Posted by ccoder
MaXe, pangolin isn't infected? I have heard all versions are backdoored by the coder.

They probably are since they originate from China, however I don't really care
since I used it on an installation where there was no secret information at all.

Just use it in a VM, the program is doing its job very well.
  #5  
Old 9th February 2010, 16:47
 
Nancio
Re: Question on SQL Injection and Absinthe

Thanks a lot MaXe for taking the time and answering all my questions in such detail.

I will try to use some of the SQL hints you suggested.
  #6  
Old 9th February 2010, 17:26
MaXe
Re: Question on SQL Injection and Absinthe

No problem, it was an easy question for me and I had fun giving a good reply.

Thus someone else might see this in the future and learn as well.