Sign In
Create Account
thanks brothaa
Ultimate SQL Injection Tutorial
Started By
gametop
, Oct 03 2015 07:51 PM
#161
Posted 26 January 2020 - 02:37 AM
ScriptKiddy1
Offline
3
Likes
Likes
Advanced Member
Posts: 97
Threads: 10
Joined: Jul 05, 2018
Credits: 0
Deal with caution
User has an open scam report.
User has an open scam report.
Five years registered
#162
Posted 14 February 2020 - 07:50 PM
ravemelissa
Offline
0
Likes
Likes
Lurker
Posts: 7
Threads: 0
Joined: Feb 14, 2020
Credits: 0
Four years registered
#163
Posted 28 February 2020 - 06:39 PM
xLucy20
Offline
3
Likes
Likes
Member
Posts: 43
Threads: 1
Joined: Dec 19, 2019
Credits: 0
Four years registered
#164
Posted 08 March 2020 - 01:17 PM
icryptx
Offline
0
Likes
Likes
Addicted
Posts: 178
Threads: 2
Joined: Dec 21, 2019
Credits: 0
Four years registered
#165
Posted 23 March 2020 - 07:31 PM
LandOLager521
Offline
0
Likes
Likes
New Member
Posts: 22
Threads: 0
Joined: Feb 11, 2020
Credits: 0
Four years registered
#165
Posted 23 March 2020 - 07:31 PM
SQL Injection Ultimate Tutorial
Note: this tutorial is by Bako from h4ck-y0u.org
SQL Injection is one of the most common web application errors today. It is also one of the most deadliest because it allows remote users to access confidential information such as usernames and credit cards.
With databases being the central core of our economy and all of our nations wealth being held in servers that may be able to be compromised by witty hackers, SQL Injection is a problem that needs to be addresses not to let hackers exploit these errors for their own good, pleasure or challenge but rather to bring awareness to the fact that a simple error caused by a lazy or inexperienced programmer can cause consequences from a simple website deface to the leaking of millions of users financial information. To start this paper out, I provide you with an Outline for MySQL Injection attacks, which will also serve as a table of contents since each section will discuss a separate step in the exploitation process.
MySQL Injection Outline (table of contents):
In Part 1 (this part):
Section 1 - Intro to Basic Database Information
Section 2 - Steps to injections
1)Find out how to close the previous statement & find the right comment to use to end the injection
2)Check for magic quotes
3)Check to see if UNION works
4)Find the number of columns
5)Craft a union statement that doesnt cause an error and see which columns are outputted
6)Check the MySQL version to see if information_schema is present
7)Get the desired column and table names
8)Get your data
In Part 2: (not done yet)
Section 1 - Advanced injections
1)Check for load_file()
2)Check for into outfile
3)Ddos the MySQL server
4)login page injections
5)Possible failures - multi selects
6)Get past magic quotes - where, concat - no load_file
7)The no spaces bug
8)Getting past filters
9)Blind Injection
10)Advanced NOT IN
Thanks for the share!
#166
Posted 24 March 2020 - 12:56 AM
Runabox
Offline
0
Likes
Likes
Member
Posts: 30
Threads: 2
Joined: Mar 22, 2020
Credits: 0
Four years registered
#167
Posted 24 March 2020 - 01:59 AM
dymka24
Offline
1
Likes
Likes
Advanced Member
Posts: 85
Threads: 0
Joined: Oct 11, 2016
Credits: 0
Seven years registered
#168
Posted 25 March 2020 - 11:46 PM
pinoyboy69
Offline
0
Likes
Likes
Member
Posts: 45
Threads: 0
Joined: Sep 30, 2019
Credits: 0
Four years registered
#169
Posted 26 March 2020 - 10:52 AM
unityhere
Offline
0
Likes
Likes
Lurker
Posts: 3
Threads: 0
Joined: Mar 26, 2020
Credits: 0
Four years registered
#170
Posted 27 March 2020 - 01:13 PM
johnloeka
Offline
10
Likes
Likes
Member
Posts: 41
Threads: 6
Joined: Mar 20, 2020
Credits: 0
Four years registered
#170
Posted 27 March 2020 - 01:13 PM
SQL Injection Ultimate Tutorial
Note: this tutorial is by Bako from h4ck-y0u.org
SQL Injection is one of the most common web application errors today. It is also one of the most deadliest because it allows remote users to access confidential information such as usernames and credit cards.
With databases being the central core of our economy and all of our nations wealth being held in servers that may be able to be compromised by witty hackers, SQL Injection is a problem that needs to be addresses not to let hackers exploit these errors for their own good, pleasure or challenge but rather to bring awareness to the fact that a simple error caused by a lazy or inexperienced programmer can cause consequences from a simple website deface to the leaking of millions of users financial information. To start this paper out, I provide you with an Outline for MySQL Injection attacks, which will also serve as a table of contents since each section will discuss a separate step in the exploitation process.
MySQL Injection Outline (table of contents):
In Part 1 (this part):
Section 1 - Intro to Basic Database Information
Section 2 - Steps to injections
1)Find out how to close the previous statement & find the right comment to use to end the injection
2)Check for magic quotes
3)Check to see if UNION works
4)Find the number of columns
5)Craft a union statement that doesnt cause an error and see which columns are outputted
6)Check the MySQL version to see if information_schema is present
7)Get the desired column and table names
8)Get your data
In Part 2: (not done yet)
Section 1 - Advanced injections
1)Check for load_file()
2)Check for into outfile
3)Ddos the MySQL server
4)login page injections
5)Possible failures - multi selects
6)Get past magic quotes - where, concat - no load_file
7)The no spaces bug
8)Getting past filters
9)Blind Injection
10)Advanced NOT IN
upvote this motherf*cker
Users browsing this thread:
