What is SQL Injection?
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
If the page simply refreshes, the site is not vulnerable. But if an error of any kind pops up, the site is prone to SQLi. When you have successfully found a vulnerable site, proceed to Step 2.[/hide]
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Now here's where it gets tougher (not really). You have to look for errors as you enter new numbers. For example:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
The goal here is to find the least column the shows the error. As you can see in the example, the lowest column that we found an error on is column 6, therefore, column 6 doesn't exist and there are only 5 columns.
Now we have to find which one of these five columns (it may be different in your case) is vulnerable, to do that, add this code to the end of the URL:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Make sure to include the - in the beginning and the -- at the end, this is crucial. Remember that the code above may be different in your case regarding how many columns there are.
Now, if you see numbers on the screen. You can proceed. The very first number is the number of the vulnerable column. If the number is "4" that means that the 4th column is the vulnerable column.
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
If the version is 5 or above, proceed. If not, it will be harder to hack. There are other tutorials covering how to hack database versions 4 or lower.
Now we must find the database name. To do this, replace the "@@version" from before with "concat(database())" like this:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
And BOOM! The database name should appear on your screen. Copy this somewhere safe, we will need this for later.
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Now, names appear. Look for obvious names hinting to tables where user information can be stored. You are looking for table names such as "Admin", "Users", "Members", "Admin_Id", Admin_pass", "User_id", etc..
The last character is chopped off? Don't worry. Count how many tables you can see, then add this code based on the tables that you can see. We will be assuming that the last table you can see is the 8th table.
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
This code is to view the 9th table. Replace the 8 with a 9 to view the 10th table, and so on until you find the table that you think has the most crucial information.
When you find the table, copy the name somewhere safe. We will need both the database and table names for the next step.
For this tutorial, we will be using the table name of "admin".
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Didju get an error? OH NO! YOU FAIL. Choose another site. Just kidding.
Go
[To see links please register here]
and type in your table name where is says "Say Hello to My Little Friend".
In my case, this is the string that I got after I inputted "admin" to the input space:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Now, replace the table name with hex as so:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Notice how I added the "0x", that is to indicate that hex is being used. Remember to get rid of the quotes.
Now after you enter this code, you should see where all the juicy information is contained. An example of what you should see is:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Now say you want to view what is in the "Admin_Username" and the "Admin_pass", add this code (in this example we will be using "database" as the database name and "admin" for the table name):
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
The "0x3a" will put a colon to where the information will be separated. You should get something like this:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
The username is "MyName" and the password is.. WAIT! That is MD5, crack this using Havij. Download Havij
[To see links please register here]
.
Now as you can see. This is the login info:
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
Now all you have to do is find the admin page, which is usually
Hidden Content
You must
[To see links please register here]
or
[To see links please register here]
to view this content.
or something similar. There are tools online that will find you the admin page.
Any questions? PM me.
Well, that's it for this tutorial! Thanks for reading! :thumbs:
+rep for my work is appreciated.[/hide]
Thanks for the clear tutorial. Awesome!! Even a n00b like me can at least understand it.[/hide]
[/hide]
[/hide]
[/hide]
]
