Monday, September 1, 2014

How To Hack A Websites - By SQL Injection in MySQL Databases

What Is Website ?
website is a collection of Web pages, images, videos or other digital assets that is hosted on one or several Web server(s), usually accessible via the Internet, cell phone or a LAN.

There Are Two Methods By Which You Can Hack Website 

SQL Injection in MySQL Databases:-

 Portal Hacking (DNN) Technique:-

What Is SQL Injection ?

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

What Is Portal Hacking (DNN) ?

This method Is uses for google search to find hackable sites.

How To Hack Website ------>

Method 1 ----->

First test a website for SQL vulnerabilities and find a page like
www.fetch.com/anypage=1

If it is vulnerable the page shows error

Now find the number of columns in the database by enter command "order by" which is order 1 or order 2 if it still shows error that means it has 4 columns and if the site errored shows by "order 9"
than it has 8 columns.

Now use "Union" command to find vulnerable columns. If you have 5 columns than put unions all select 1,2,3,4,5 If it is successful the page shows varios numbers . Like 4 and 5 , that means 4 and 5 are vulnerable columns.

Now the main thing " How to find database version , name and user. You do this by replacing the vulnerable column numbers with given commands
user()
database()
version()


if it doesn't work below commands

@@user
@@version
@@database 

Now take all the list of table names in database , for this use command 
union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--

Now you have to take all column names in the database by using below command 
union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--

Now all done get the data you want like username and password

Note------> This Is Only For Education Purpose

For Second Method ------> Click Here
UA-54393041-1