I’ll be showing you how to do some sick sqli on windows. pretty simple.
you should get this funny bar.
- Download FireFox
- Download the HACKBAR add on.
- http://www.angelvestgroup.com/info.php?id=-2 UNION SELECT 1,2,group_concat(table_name,0x0a) from information_schema.tables_schema.table where table_schema=0xdb_user– then hit the encoding button then HEX encoding
- Find a vuln. website (must have .php?id=)
- Put an apostrophe (quote) ‘ to see if its vulnerable.
- Error -> Vulnerable
- Paste the URL in hackbar and type order by 1000–
- Keep doing till you get no error
- I go straight to 10 which gives an error -> Even smaller values now.
- SQL -> union select statement -> PUT 3 (since its the one that gives no error.)
- PUT a “-” before your id now. Like this. hit execute.
- It says 3. Now lets find the version. since it says 3, we put all our stuff in the 3 section where it says 1,2,3.
- Awesome : lets get into the bad stuff now 😉
- type what I type.
- type that, and hit execute.
- I got message saying The connection was rest while the page was loading saying the site could be temporarily unavailable or too busy.Try agian in a few moments .
- hit execute
- ALL the Databases 😀
- Lets have a look at the user database 😉 none of the last part worked spent all night welcome to the cyber security world!!!!!
leave a comment