Posted

Credits Olympus&Me.

This is a simple guide on how to hack a website with SQL.

First of all we need to find a website.

To do this, use a Google dork.

Enter inurl:id=5 in the search box and press Enter.

If you found the site that you want, let's see if it's vulnerable.

Just add the ( ' ) to the end of the URL.

A window is gonna 'bump' and is gonna say 'Error Executing Database Query.'

"You have an error in your SQL...etc...."  (if something like this or a blank page is gonna show, the page is vulnerable).

The way to check how many columns there are is this one:

Just add order by 1/* to the end of the URL and keep increasing it until you get an error (e.g. www.test.com order by 1/*, www.test.com order by 2/*...etc...).

When you get an error, e.g. at 100, it means that there are 99 columns.

Now that we found how many columns there are, we use the union command.

Just make the id negative and add union all select (columns)/* to the end of the URL.

So in my case:

union all select 1,2,3....99/*  (because of the 99 columns). ;)

If 'your' site is version 5 then you can see all the tables+columns.

When the version is lower than 5 then you have to guess the tables and columns (common are: users, user, usr, usrs, admin, admins, member, members.....etc...).

Common columns are: user_name, username, user, password....

Now at version 5, to view the tables you will have to replace the digit shown on your screen (I have 99) with table_name, and at the end of the URL you will add from information_schema.tables/*

Now to check your version, it might show you 2 or other digits. Let's say that my version is 78.

So in my case I am gonna replace 78 with versions() or @@version (when it is gonna show you 2 on your screen you will have to replace 2 with the version() or the @@version).

e.g. www.test.com union all select 1,2,3,version@@,5,6,7,...etc..99/*    This is gonna show you the system like Microsoft, Debian..etc....

Now it shows you all the tables. After that use Ctrl+F to search for something that you like (e.g. users).

Note: if it is gonna show you only one table then we should use limit (add limit 0,1/* to the end of the URL and keep increasing the 0 until you find something that you like).

I said that an interesting thing was the users.

If you want to find passwords & usernames then replace the table_name with:

column_name and replace from informations_schema.tables with from informations_schema.columns.

Now you should search for something like username & password.

Now if you have found everything let's display it on our screen.

To do this I am gonna replace 99 with concat.(username,test,passowrd) and at the end of the URL I will add from users/*  (they may have a different one and not users. Search for it.).

*concat will put the username and password in this form: "username:password", without the quotes of course.

So when you find the table with the users..etc..., and the usernames are stored in the column user and the passwords are stored in the column pwd, you use concat.(user,test,pwd) and at the end of the URL you will add users/*  .

That's it. I hope you have fun with this little and simple guide.
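
Added example, not part of the original post: the steps above leave a recognisable sequence in a web server's access log, and this sketch tags each request with the step it matches and reports clients that progress through several steps. The log lines, paths and IP addresses are constructed for illustration, and the stage names are hypothetical labels.

```python
import re
from urllib.parse import unquote_plus

# Probe stages named after the steps in the post above (hypothetical labels).
STAGES = [
    ("quote_probe",   re.compile(r"'\s*$")),
    ("column_count",  re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select",  re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum",   re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("version_probe", re.compile(r"@@version|\bversion\s*\(", re.I)),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /item.php?id=5%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [10/Oct/2012:13:55:50 +0000] "GET /item.php?id=5+order+by+1/* HTTP/1.1" 200 4102',
    '203.0.113.7 - - [10/Oct/2012:13:56:02 +0000] "GET /item.php?id=5+order+by+4/* HTTP/1.1" 500 312',
    '203.0.113.7 - - [10/Oct/2012:13:56:20 +0000] "GET /item.php?id=-5+union+all+select+1,2,3/* HTTP/1.1" 200 4090',
    '203.0.113.7 - - [10/Oct/2012:13:56:41 +0000] "GET /item.php?id=-5+union+all+select+1,table_name,3+from+information_schema.tables/* HTTP/1.1" 200 9120',
    '198.51.100.20 - - [10/Oct/2012:13:57:00 +0000] "GET /item.php?id=5 HTTP/1.1" 200 4102',
    '198.51.100.20 - - [10/Oct/2012:13:57:09 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 2201',
]

def classify(url):
    """Return the stage names matched by the URL-decoded query string."""
    query = unquote_plus(url).partition("?")[2]
    return [name for name, rx in STAGES if rx.search(query)]

def sessions(lines):
    """Map client IP -> distinct stages seen, in first-seen order."""
    seen = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        for stage in classify(m.group(2)):
            if stage not in seen.setdefault(m.group(1), []):
                seen[m.group(1)].append(stage)
    return seen

def alerts(lines, min_stages=2):
    """Clients that progressed through at least min_stages distinct stages."""
    return sorted(ip for ip, st in sessions(lines).items() if len(st) >= min_stages)

if __name__ == "__main__":
    for ip, stages in sessions(SAMPLE_LOG).items():
        print(ip, " -> ".join(stages))
```

Detection of this kind complements the actual fix, which is to pass the id to the database as a bound query parameter instead of concatenating it into the SQL string.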

Posted

Simple guide of how to hack and site with SQL.

 

First, change the title to: How to hack a website with Sql Injection.

Second, SQL is not a hacking tool, it is just a type of database, so "This is an simple guide of how to hack an website with SQL." doesn't make sense.

We live in 2012, you need something better. :) Give me a PM if you want, I can help you a bit.

Posted


Not for the time being + thanks.

P.S. What grade do you have? (white, red...etc....)

As you see I am an amateur 'hacker'.

I am learning. ;)
