Home » Tutorials » How to hack website with SQL Injection

How to hack website with SQL Injection

in - on 03:02 - No comments
In the name of Allah who is the most benfecant and most Mercifull. 
Hello,How are you?
How to hack website with SQL Injection.

In this tutorial i will tell you how to hack a website with SQL Injection.

 Fisrt telling you the method you should know what is SQL.
SQL means Structure Querry Language.
Through this language we take admin username and password. 
Ok lets start.
First you should have a website valnerable to SQL Injection.
For this you need some Dorks.There are many Dorks but you can simply use these.


As you can see that their are many website you can take anyone of them and try to inject.
Ok lets start it i have have found a website valnerable to SQL Injection.
First for finding that is that website valnerable to SQL or not which you are going to inject.
I am using this site which i have found through these Dorks.

Hit enter and see the result that web is secure.
 See the website is running normally.
As i have tell you that which site you are going to inject is this valnerable to SQL Injection for this we put ' at the end of URL.Just like this.
Hit enter and see the result.You will get result just like this.    
 We have an SQL error.
 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jatinder/public_html/products.php on line 118

Now from this picture you can see that website is valnerable to SQL Injection. 
Now we are sure that website is valnerable to SQL Injection.
Next step is to find the columns of website just follow me.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jatinder/public_html/products.php on line 118 

Same error like previous one its means that 99 column is not in the website now we have to decrease the number of column. 
http://www.comtronics.co.in/products.php?id=30 order by 7-- error again.
http://www.comtronics.co.in/products.php?id=30 order by 6-- error agian.
http://www.comtronics.co.in/products.php?id=30 order by 5-- no error.
Its means that website having 5 columns.
Now we have to find the name of those columns+tables.
Hit enter and see the result.
     

  
Now you can see in the picture too that number 3 column is valnerable of the website so will attack on this column to get admin username+password.Now we have to find the tables.

http://www.comtronics.co.in/products.php?id=-30 union select 1,2,(table_name),4,5 from information_schema.tableswheretable_schema=database()--
Hit enter and see the result.As you can see that their are many othe tables but for us admin table is so important to get his username+password. 
"admin" is the name of table.Now we have to find the columns names.
Hit enter and see the result.
As previous one mean as we have found the tables admin table was important for us so in this password+username columns are important for us to get admin username+password.
Now our all work is done we have find his all detail now simply with the help of admin
columns+tables we will get his username+password.
  
We have find admin username+password within one shot.
We use group_concat to get both username+password in one shot but you can find one by one like this because some website not accept group_concat so for that we can try one by one.
            

Here is the username of admin. 

Here is the password of admin.
   
Happy Hacking. 
I think this tutorial will be helpfull for you.
Note:This tutorial is only for educational purpose only.I will not be responsible for any danger.
Stay Connected.
Thanks.

Labels:

Post a Comment