ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!

Jump to content



Photo

Ultimate SQL Injection Tutorial


  • Please log in to reply
Ultimate SQL Injection Tutorial

#161

ScriptKiddy1
ScriptKiddy1
    Offline
    0
    Rep
    3
    Likes

    Advanced Member

  • PipPipPipPip
Posts: 97
Threads: 10
Joined: Jul 05, 2018
Credits: 0
Deal with caution
User has an open scam report.
Six years registered
#161

thanks brothaa


  • 0

#162

ravemelissa
ravemelissa
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 7
Threads: 0
Joined: Feb 14, 2020
Credits: 0
Four years registered
#162
She was a good friend

  • 0

#163

xLucy20
xLucy20
    Offline
    0
    Rep
    3
    Likes

    Member

Posts: 43
Threads: 1
Joined: Dec 19, 2019
Credits: 0
Five years registered
#163

needed this. thnaks


  • 0

#164

icryptx
icryptx
    Offline
    0
    Rep
    0
    Likes

    Addicted

Posts: 178
Threads: 2
Joined: Dec 21, 2019
Credits: 0

Five years registered
#164

gonna read this and sorry for necroposting i think


  • 0

#165

LandOLager521
LandOLager521
    Offline
    0
    Rep
    0
    Likes

    New Member

  • PipPip
Posts: 22
Threads: 0
Joined: Feb 11, 2020
Credits: 0

Four years registered
#165

 

SQL Injection Ultimate Tutorial



Note: this tutorial is by Bako from h4ck-y0u.org

SQL Injection is one of the most common web application errors today. It is also one of the most deadliest because it allows remote users to access confidential information such as usernames and credit cards.

With databases being the central core of our economy and all of our nations wealth being held in servers that may be able to be compromised by witty hackers, SQL Injection is a problem that needs to be addresses not to let hackers exploit these errors for their own good, pleasure or challenge but rather to bring awareness to the fact that a simple error caused by a lazy or inexperienced programmer can cause consequences from a simple website deface to the leaking of millions of users financial information. To start this paper out, I provide you with an Outline for MySQL Injection attacks, which will also serve as a table of contents since each section will discuss a separate step in the exploitation process.

MySQL Injection Outline (table of contents):

In Part 1 (this part):

Section 1 - Intro to Basic Database Information

Section 2 - Steps to injections

1)Find out how to close the previous statement & find the right comment to use to end the injection

2)Check for magic quotes

3)Check to see if UNION works

4)Find the number of columns

5)Craft a union statement that doesnt cause an error and see which columns are outputted

6)Check the MySQL version to see if information_schema is present

7)Get the desired column and table names

8)Get your data



In Part 2: (not done yet)

Section 1 - Advanced injections

1)Check for load_file()

2)Check for into outfile

3)Ddos the MySQL server

4)login page injections

5)Possible failures - multi selects

6)Get past magic quotes - where, concat - no load_file

7)The no spaces bug

8)Getting past filters

9)Blind Injection

10)Advanced NOT IN
 

 

Thanks for the share!


  • 0

#166

Runabox
Runabox
    Offline
    0
    Rep
    0
    Likes

    Member

  • PipPipPip
Posts: 30
Threads: 2
Joined: Mar 22, 2020
Credits: 0

Four years registered
#166

thank you for sharing


  • 0

#167

dymka24
dymka24
    Offline
    0
    Rep
    1
    Likes

    Advanced Member

  • PipPipPipPip
Posts: 85
Threads: 0
Joined: Oct 11, 2016
Credits: 0

Eight years registered
#167

check


  • 0

#168

pinoyboy69
pinoyboy69
    Offline
    0
    Rep
    0
    Likes

    Member

Posts: 45
Threads: 0
Joined: Sep 30, 2019
Credits: 0
Five years registered
#168

ncie


  • 0

#169

unityhere
unityhere
    Offline
    0
    Rep
    0
    Likes

    Lurker

Posts: 3
Threads: 0
Joined: Mar 26, 2020
Credits: 0

Four years registered
#169

spoiler & hide please

thank mate


  • 0

#170

johnloeka
johnloeka
    Offline
    0
    Rep
    10
    Likes

    Member

Posts: 41
Threads: 6
Joined: Mar 20, 2020
Credits: 0

Four years registered
#170

 

SQL Injection Ultimate Tutorial



Note: this tutorial is by Bako from h4ck-y0u.org

SQL Injection is one of the most common web application errors today. It is also one of the most deadliest because it allows remote users to access confidential information such as usernames and credit cards.

With databases being the central core of our economy and all of our nations wealth being held in servers that may be able to be compromised by witty hackers, SQL Injection is a problem that needs to be addresses not to let hackers exploit these errors for their own good, pleasure or challenge but rather to bring awareness to the fact that a simple error caused by a lazy or inexperienced programmer can cause consequences from a simple website deface to the leaking of millions of users financial information. To start this paper out, I provide you with an Outline for MySQL Injection attacks, which will also serve as a table of contents since each section will discuss a separate step in the exploitation process.

MySQL Injection Outline (table of contents):

In Part 1 (this part):

Section 1 - Intro to Basic Database Information

Section 2 - Steps to injections

1)Find out how to close the previous statement & find the right comment to use to end the injection

2)Check for magic quotes

3)Check to see if UNION works

4)Find the number of columns

5)Craft a union statement that doesnt cause an error and see which columns are outputted

6)Check the MySQL version to see if information_schema is present

7)Get the desired column and table names

8)Get your data



In Part 2: (not done yet)

Section 1 - Advanced injections

1)Check for load_file()

2)Check for into outfile

3)Ddos the MySQL server

4)login page injections

5)Possible failures - multi selects

6)Get past magic quotes - where, concat - no load_file

7)The no spaces bug

8)Getting past filters

9)Blind Injection

10)Advanced NOT IN
 

 

upvote this motherf*cker


  • 0


 Users browsing this thread: