Blog

SQLI ON WINDOWS

I’ll be showing you how to do some sick sqli on windows. pretty simple.

you should get this funny bar.

  1. Download FireFox
  2. Download the HACKBAR add on.
  3. http://www.angelvestgroup.com/info.php?id=-2 UNION SELECT 1,2,group_concat(table_name,0x0a) from information_schema.tables_schema.table where table_schema=0xdb_user– then hit the encoding button then HEX encoding 
  4. Find a vuln. website (must have .php?id=)
  5.  Put an apostrophe (quote) ‘ to see if its vulnerable.
  6.  Error -> Vulnerable
  7.  Paste the URL in hackbar and type order by 1000–
  8.  Keep doing till you get no error
  9.  I go straight to 10 which gives an error -> Even smaller values now.
  10. SQL -> union select statement -> PUT 3 (since its the one that gives no error.)
  11. PUT a “-” before your id now. Like this. hit execute.
  12. It says 3. Now lets find the version. since it says 3, we put all our stuff in the 3 section where it says 1,2,3.
  13. Awesome : lets get into the bad stuff now 😉
  14. type what I type.
  15. type that, and hit execute.
  16. I got message saying  The connection was rest while the page was loading saying the site could be temporarily  unavailable or too busy.Try agian in a few moments .
  17. hit execute
  18. ALL the Databases 😀
  19. Lets have a look at the user database 😉  none of the last part  worked spent all night welcome to the cyber security world!!!!!
Rate This Article:
Previous Article
Next Article
No comments

leave a comment