Thursday, February 27, 2025
HomePENTESTINGHow to Perform Manual SQL Injection While Pentesting With Single Quote Error-Based...

How to Perform Manual SQL Injection While Pentesting With Single Quote Error-Based Parenthesis Method

Published on

SIEM as a Service

Follow Us on Google News

If you are trying to hack the databases with methods like single quotes error-based injection, Integer based injection, or double quotes method but the databases are not vulnerable to those methods Manual SQL Injection will fail and you cannot connect with the database.

In short, the error-based Manual SQL injection will use a single quote to break the query and join the query, Integer-based injection will be joining the query without the single quote and double quotes will be joining the query with double quotes.

So Today we are about to learn another method which is Single Quote Error Based Parenthesis in the MySQL database in order to perform Manual SQL Injection.

Manual SQL Injection Online Lab:

  • Beginners can use this website to practice skills for SQL injection.
  • To Access the LAB Click Here

STEP 1: Breaking the Query

  • Let me try out with error based single quote injection method

  • The above figure shows a double quote error based on not working.

  • The above figure shows that Integer-based injection not working.

  • The above figure shows single quotes are breaking the database so it’s vulnerable to SQL injection.

STEP 2: Copying the Error Statement 

  • Copy and Paste the SQL Error statement into Notepad.

  • The above figure shows that Highlighted single quotes with parentheses is breaking the backend database.
  • Now you can find out this is a Single quote error-based parentheses injection.

STEP 3: Joining the Query

  • Let us add –+ to join the query http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1′) –+

  • The above figure illustrates SQL errors are fixed with –+

STEP 4: Finding the Backend Columns using Manual SQL Injection

  • It is time to have a conversation with the database to find the number of columns. To enumerate columns we can use order by command.

  • The above Figure shows the Database with the error statement Unknown column ‘5’ in ‘order clause and this error statement says as “There are only 4 columns in the database”.

STEP 5: Finding the Backend Tables  using Manual SQL Injection

  • SQL backend may contain more Tables names with empty data also. Therefore You should first be able to find out which table names are present in these 4 columns.
  • Now we can select all 4 columns with union all select to existing URL.

  • Number 2 is the right path for database names and more. Now we have successfully found out.

STEP 6: Finding the Backend Table Names using Manual SQL Injection

  • We already knew the location of the table path, so will directly ask database name, version etc

  • The above figures show the database name found is leettime_761wHole.

  • The above figures show the database version as 5.6.36-cll-lve

STEP 7: Dumping Database Tables

  • Group_concat() is the function that returns a string with the concatenated non-NULL value from a group.
  • So we can use this Function to list all Tables from the database.
  • In Addition, we can use Information_Schema to view metadata about the objects within a database.

  • The Above Figure shs the dump of all tables as testtable1, user logs, and users.

STEP 8: Dumping all Data in Columns of Tables

  • We can dump users

  • The Above Figure shows the dump of all columns of tables containing id, username, password,user_type, sec_code.

STEP 9: Dumping all Usernames

  • The Above Figure shows the dump of all usernames admin, decompiler, devilhunte, grayhat, injector, khan, Zen, Zenodermus.

STEP 10: Dumping all passwords

  • The Above Figure shows the dump of all passwords in the database. HAPPY HACKING !!!

Also Learn: Mastery Web Hacking and Penetration Testing Complete Bundle

Latest articles

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications

The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has...

Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2

A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government,...

Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited

Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency...

Threat Actors Attack Job Seekers of Fortune 500 Companies to Steal Personal Details

In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

10 Best Penetration Testing Companies & Services in 2024

Penetration Testing Companies are pillars of information security; nothing is more important than ensuring...

Web Server Penetration Testing Checklist – 2024

Web server pentesting is performed under three significant categories: identity, analysis, and reporting vulnerabilities such as...