Manual Testing and Exploitation of an SQL Injection

Question

So I read over this, this and this. I understand WHAT an sql injection is and the different TYPES of sql. But none of these guides give a definitive example on how to find, enumerate and exploit the different injection by hand. I'm looking for an answer to explain how to MANUALLY run through an sql injection process. If possible, please show examples for the different type of injections and how to enumerate different pieces of information critical to an sqli attack.

A few references;

http://www.imperva.com/resources/glossary/sql_injection.html Gives a pretty good walk through on the process.
http://ha.ckers.org/sqlinjection/
https://www.owasp.org/index.php/SQL_Injection

score 4 · Accepted Answer · answered Oct 09 '12 at 04:29

4

How about this? http://hackonadime.blogspot.com/2011/07/manual-sql-injection-without-tools.html

answered Oct 09 '12 at 04:29

Jackie

56
1

4

This is a really good resource, but as a rule we try to avoid links without explanation. It would be wonderful if you could find the time to come back and summarize the core parts of the article you've linked to. – Jeff Ferland Oct 09 '12 at 05:56

Manual Testing and Exploitation of an SQL Injection

1 Answers1