sql injection

SQL Injection

Right. ........ This is an in-depth tutorial with pics XD on how to do SQL injection correctly. I take it you know what SQL injection is. ... The basics I mean XD you wouldn't be here otherwise would you? Let's get cracking.

#1. Finding vulnerable sites
#2. Finding amount of columns
#3. Getting MySQL version and current user
#4. Getting Databases
#5. Getting Tables
#6. Getting Columns
#7. Getting Usernames and Passwords

Let's do this mofo's

#1. You can't SQL a site unless you first locate one. "How do we do this?" is the question rolling around your heads. Well. ..... We use something called a Dork. "I beg your pardon, did this mofo call me a dork?" A Google dork XD. It's what can be used in order to locate vulnerable sites through the Google search engine.
A list of commonly used Google dorks:

inurl:index.php?id=
inurl:news.php?id=
inurl:category.php?id=
inurl:games.php?id=
inurl:forum.php?tid=
inurl:newsletter.php?id=
inurl:content.php?id=

I've found my vulnerable site, now wtf do I do. ...... Well, the common answer to that question is to check if it's vulnerable. In order to do this we add a ' at the end. So for example:

http://examplesite.com/news/view.php?id=828

^ That's the site I found (remember this is an example). All we do is add a ' like so:

http://examplesite.com/news/view.php?id=828'

We can add the ' before or after the numbers, it still checks if it is vulnerable. How do I know if it's vulnerable? Well, you will see something like this:

http://img220.imageshack.us/img220/6660/sqlitut1.jpg
Notice the SQL error? That is exactly what we are after. Now it's time to move on to Step 2.

#2. Finding amount of columns

In order to find the amount of columns we have to use an ORDER BY statement. The concept behind it is pretty simple: we keep ordering by until an error is received. So. ...