SDMTEAM
Main | Sign Up | Login Welcome Guest | RSS
[ New messages · Members · Forum rules · Search · RSS ]
Page 1 of 11
Forums » ..:: Security Test ::.. » Accounts Dumps » ULTIMATE SQL injection Tutorial, Very Detailed + Pics
ULTIMATE SQL injection Tutorial, Very Detailed + Pics
NoSorryDate: Tuesday, 19-07-2011, 4:42 PM | Message # 1
SDM Mega Member
Group: Moderators
Messages: 665
Awards: 2
Reputation: 1
Status:
Today I will show you how SQLi can be easy smile

Introduction:

This is very simple, just use these dorks with a SQLi scanner, or Google them check every site by yourself.

Now to check manually a site if it is vulnerable, just add ' at the end of the url:

For example, we have our target,
:
Available for users only

Now, we want to check if this is SQLi vulnerable, so we add ' at the end:
:
Available for users only

If we got an error, that means that the site is vulnerable!

So, now we move on to the next step.

How To Find Columns Count:

After you have your vulnerable site, you need to know his columns count, to do this, just add "order by X--" at the end of the URL,
X is a number from 1 to unlimited.

For example, we have our target server and we try to count columns,
we add order by 1-- at the end , then order by 2--,ect. Always increase number until u got an error in your website like thise one:

So, in our target server, we have tried this:

Available for users only

Available for users only order by 8-- >> Unknown column
That means that the 8th column does not exist, that means that column count is 7!

How to Find The Accessible Columns:

Now, we now that column count which is 7, next step is to check for acsessable columns, to do that, we use this querie "UNION SELECT number,of,columns--" like this:
:Available for users only

You will get something like this:

That means that we can get information from the site from the 6th, the 2nd and the 3rd column!

How To Get MySQL DB Version:

We need to know MySQL DB Version to know if we can exploit this site or not, cause every site that is using MySQL 4.x.x you wont be able to work on it, but every 5.x.x or above is exploitable.
So to know MySQL DB Vesrion, just replace the number of the used column with "@@version"

For example:

Available for users only

That means that we can continue working on this site.

How To Find Database Name:

Now , we are going to inject the site to find the DB Name,
to do this, replace the used column number with "group_concat(schema_name)", and add "from information_schema.schemata--" after the last column number, for example:
:
Available for users only

Now, to use the one the website uses, replace "group_concat(schema_name)" with "concat(database())" for example:
:

Available for users only

Congrats, you got the used DB!

How to Get The Table Names:

Now we need to get table names, to do this, replace the used column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()--" at the end of columns number.

:

Available for users only

How To Get Column Names:

To get column names, we will use this querie:
group_concat(column_name)
from information_schema.columns where table_schema=database()--

Example:
:
Available for users only

How To Get Informations From Columns:

Now, we are in our final step, now we will get the admin info from column, how to do it?
Simple, follow this example:

:

Available for users only

So our exploit will be like this:

:

Available for users only



Always remember to be happy because you never know who's falling in love with your smile.
 
Forums » ..:: Security Test ::.. » Accounts Dumps » ULTIMATE SQL injection Tutorial, Very Detailed + Pics
Page 1 of 11
Search:

Copyright MyCorp © 2017