
Posted

Credits Olympus&Me.

This is a simple guide on how to hack a website with SQL.

 

First of all we need to find a website.

To do this use a Google dork.

Enter inurl:id=5 in the search box and press enter.

 

If you found the site that you want, let's see if it's vulnerable.

Just add the ( ' ) to the end of the URL.

A window is gonna 'bump' and is gonna say 'Error Executing Database Query.'

"You have an error in your SQL...etc...."  (if something like this or a black is gonna show you an black the page is vulnerable).

 

 

The way to check how many columns there are is this one:

Just add order by 1/* to the end of the URL and keep increasing it until you get an error (e.g. www.test.com order by 1/*, www.test.com order by 2/*, etc.).

When you get an error, e.g. at 100, it means that there are 99 columns.

 

Now that we found how many columns there are, we use the union command.

Just make the id negative and add union all select (columns)/* to the end of the URL.

So in my case:

union all select 1,2,3....99/*  (because of the 99 columns). ;)

 

 

If 'your' site is version 5 then you can see all the tables + columns.

When the version is lower than 5 then you have to guess the tables and columns (common are: users, user, usr, usrs, admin, admins, memmber, members, etc.)

Common columns are:user_name,username,user,passowrd....

 

Now at the version 5, to view the tables you will have to replace the digit shown on your screen (I have 99) with table_name and at the end of the URL you will add from information_schema.tables/*

Now to check your version it might show you 2 or other digits. Let's say that my version is 78.

So in my case I am gonna replace 78 with versions() or @@version (when it is gonna show you 2 on your screen you will have to replace 2 with the version() or the @@version).

e.g. www.test.com union all select 1,2,3,version@@,5,6,7,...etc..99/*    This is gonna show you the system like Microsoft, Debian, etc.

 

 

Now it shows you all the tables. After that use Ctrl+F to search for something that you like (e.g. users).

Note: if it is gonna show you only one table then we should use limit (add limit 0,1/* to the end of the URL and keep increasing the 0 until you find something that you like).

I said that an interesting thing was the users.

If you want to find passwords & usernames then replace the table_name with:

column_name and replace from informations_schema.tables with from informations_schema.columns.

Now you should search for something like username & password.

Now if you have found everything, let's display it on our screen.

To do this I am gonna replace 99 with concat.(username,test,passowrd) and at the end of the URL I will add from users/*  (they may have a different one and not users. Search for it.).

*concat will put the username and password in this form: "username:password" (without the quotes of course).

So when you find the table with the users etc., and the usernames are stored in the column user and the passwords are stored in the column pwd, you use concat.(user,test,pwd) and at the end of the URL you will add users/*  .

That's it. I hope to have fun with this little and simple guide.
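Every step in the post above depends on the id value from the URL being pasted into the SQL statement and on database errors reaching the browser. The following is an added example, not part of the original post, showing that pattern next to a handler that validates the id and binds it as a parameter; SQLite stands in for the site's database, and the table, function names and probe values are constructed for illustration.

```python
import sqlite3

# Constructed request values mirroring the steps described in the post.
PROBES = ["5", "5'", "5 order by 3", "5 order by 4", "-5 union all select 1,2,3"]

def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO articles VALUES (5, 'Hello', 'First post')")
    return db

def get_article_vulnerable(db, raw_id):
    # Request text is concatenated into the statement, so it is parsed as SQL.
    sql = "SELECT id, title, body FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def get_article_safe(db, raw_id):
    # 1) Allow-list the type: a short ASCII decimal integer, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # caller answers with a generic 400, never a database message
    # 2) Bind the value; the statement text itself is a constant.
    sql = "SELECT id, title, body FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(handler, db, raw_id):
    """Reduce a request to what the client would be able to observe."""
    try:
        rows = handler(db, raw_id)
    except sqlite3.Error:
        return "db-error"  # the error page the quote and ORDER BY steps rely on
    if rows is None:
        return "rejected"
    return "rows" if rows else "empty"

def compare():
    """Run every probe through both handlers: {probe: (vulnerable, safe)}."""
    db = make_db()
    return {p: (outcome(get_article_vulnerable, db, p),
                outcome(get_article_safe, db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (vuln, safe) in compare().items():
        print(f"{probe!r:32} vulnerable={vuln:9} safe={safe}")
```

With the safe handler only the plain integer reaches the database, and no request produces a database error for the client to read.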

Posted

Simple guide of how to hack a site with SQL.

First, change the title to: How to hack a website with SQL Injection.

Second, SQL is not a hacking tool, it is just a type of database, so "This is a simple guide of how to hack a website with SQL." doesn't make sense.

We live in 2012, you need something better. :) Give me a PM if you want, I can help you a bit.

 

 

Posted


Not for the time being + thanks.

P.S. What grade do you have? (white, red, etc.)

As you see I am an amateur 'hacker'.

I am learning. ;)
