ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!

Jump to content



Photo

Ultimate SQL Injection Tutorial


  • Please log in to reply
Ultimate SQL Injection Tutorial

#1

gametop
gametop
    Offline
    0
    Rep
    8
    Likes

    New Member

Posts: 20
Threads: 6
Joined: Oct 01, 2015
Credits: 0
Nine years registered
#1

SQL Injection Ultimate Tutorial



Note: this tutorial is by Bako from h4ck-y0u.org

SQL Injection is one of the most common web application errors today. It is also one of the most deadliest because it allows remote users to access confidential information such as usernames and credit cards.

With databases being the central core of our economy and all of our nations wealth being held in servers that may be able to be compromised by witty hackers, SQL Injection is a problem that needs to be addresses not to let hackers exploit these errors for their own good, pleasure or challenge but rather to bring awareness to the fact that a simple error caused by a lazy or inexperienced programmer can cause consequences from a simple website deface to the leaking of millions of users financial information. To start this paper out, I provide you with an Outline for MySQL Injection attacks, which will also serve as a table of contents since each section will discuss a separate step in the exploitation process.

MySQL Injection Outline (table of contents):

In Part 1 (this part):

Section 1 - Intro to Basic Database Information

Section 2 - Steps to injections

1)Find out how to close the previous statement & find the right comment to use to end the injection

2)Check for magic quotes

3)Check to see if UNION works

4)Find the number of columns

5)Craft a union statement that doesnt cause an error and see which columns are outputted

6)Check the MySQL version to see if information_schema is present

7)Get the desired column and table names

8)Get your data



In Part 2: (not done yet)

Section 1 - Advanced injections

1)Check for load_file()

2)Check for into outfile

3)Ddos the MySQL server

4)login page injections

5)Possible failures - multi selects

6)Get past magic quotes - where, concat - no load_file

7)The no spaces bug

8)Getting past filters

9)Blind Injection

10)Advanced NOT IN

Hidden Content
You'll be able to see the hidden content once you reply to this topic or upgrade your account.


Edited by gametop, 03 October 2015 - 07:57 PM.

  • 5

#2

0xide
0xide
    Offline
    83
    Rep
    2517
    Likes

    Veteran

Posts: 730
Threads: 56
Joined: Jul 13, 2015
Credits: 0

Nine years registered
#2

spoiler & hide please


  • 11

#3

gametop
gametop
    Offline
    0
    Rep
    8
    Likes

    New Member

Posts: 20
Threads: 6
Joined: Oct 01, 2015
Credits: 0
Nine years registered
#3

spoiler & hide please

i hide it now


  • 0

#4

Hadr0x
Hadr0x
    Offline
    3
    Rep
    147
    Likes

    Bye :)

Posts: 408
Threads: 44
Joined: Jul 19, 2015
Credits: 0
Nine years registered
#4

This is explanation for manual sql injection, which, unless you're trying to hack a specific site is going to be nearly useless. But the tutorial is extremely detailed even though you didn't write it. For most people doing it for combos is just to use the sqli dumper :)


  • 1

Memories:
Dangerman: :broly: :broly: :broly:  - Hadriiw: Scarras account - Miro: lies. -  HugoTheBaws: rat and scam :pepo: - Akame: He finally got a life. - Swatomgg: he is still a bitch ass nigga. - Royals: He probably also got a life - Chenyao: DDoS nulled auth :pepe: - Icy: Only one not bullying. - Allasthor: Br. - Astero: cs:go  - Dan: Monkey and cool. - Porn: combos  - Helios: Dropping gosdb.pw  - Timmy: is evil  :wub: - Ken: Extremely sexy. - Killer: bulgaria + haxd - Levathian: is a bot. - Miku: piss fetish. - Fagget: leet db chexor - Nevachana: i dont know why the fuck you are in the skype group other than the occasional hentai. - Radio: Religion discussions. - Stan: Being thrash. - Stefsot: Haxing bol scripts but not really - Plebgod: Told me i scan shit on malwarebytes. - Cem: Is a living legend and is rich :pepo:
Thanks for everything nulled :)
May my :pepe: and :pepo: remind you of me


#5

sirFlacko
sirFlacko
    Offline
    2
    Rep
    1
    Likes

    Addicted

Posts: 158
Threads: 4
Joined: Feb 05, 2015
Credits: 0

Nine years registered
#5

thank you mate


  • 0

https://redengine.eu/

 

Public Discord Customer:

https://discord.gg/ytSYBZeDpM

 

 


#6

0xide
0xide
    Offline
    83
    Rep
    2517
    Likes

    Veteran

Posts: 730
Threads: 56
Joined: Jul 13, 2015
Credits: 0

Nine years registered
#6

i hide it now

spoiler please too


  • 0

#7

gametop
gametop
    Offline
    0
    Rep
    8
    Likes

    New Member

Posts: 20
Threads: 6
Joined: Oct 01, 2015
Credits: 0
Nine years registered
#7

this tutorial is for begginers to know what is sql injection and how it work.


  • 0

#8

Krossom
Krossom
    Offline
    0
    Rep
    17
    Likes

    She Spider

Posts: 122
Threads: 14
Joined: Jul 24, 2015
Credits: 0
Nine years registered
#8

second part when?


  • 0

*Ice Cream*

:wub:


#9

thanhviet214
thanhviet214
    Offline
    0
    Rep
    20
    Likes

    Always have something to share

Posts: 565
Threads: 2
Joined: Sep 08, 2015
Credits: 0
Nine years registered
#9

Thanks for the share :D


  • 0

--> Always have something to share <--

 


#10

ghekka
ghekka
    Offline
    0
    Rep
    0
    Likes

    Member

Posts: 46
Threads: 0
Joined: Sep 13, 2015
Credits: 0
Nine years registered
#10

thanks for sharing this guide :)


  • 0


 Users browsing this thread: and 1 guests