Useful Stuff Need a program? A website? A tool? Have one for someone else? Look here! Category: All - General - Hash cracking and password sniffing - Development tools - Fun and Games.
Website Hacking - Hackers. Online. Club. SQL Injection in My. SQL Databases: -SQL Injection attacks are code injections that exploit the database layer of the application. This is most commonly the My. SQL database, but there are techniques to carry out this attack in other databases such as Oracle.
In this tutorial i will be showing you the steps to carry out the attack on a My. SQL Database. Step 1: When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this: www. Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the url. For example: www.
Forget the evil computer geniuses. An 11-year-old can use the free, automated tools that let you steal from online databases. false. Kindly point out gamers who have One More Line hacked or cracked, and screen out game software update bugs, lag, glitch, latest working One More Line hack tool, free download site survey, virus, website spyware, items levels money cheat code, errors, apk. I'm Craig Hockenberry and this is where I write for the web. I make apps and run websites. You can learn more about me. And it’s still just one line of code! Are you wondering how I came up with that magic scaling factor of 0.4? I used a tried and true While. By visiting this site, users agree to our disclaimer. The members, admins, and authors of this website respect your privacy. All logos and trademarks in this site are property of their respective owner. The comments and forum posts are property of their posters, all.
If the database is vulnerable, the page will spit out a My. SQL error such as; Warning: mysql_num_rows(): supplied argument is not a valid My.
SQL result resource in /home/wwwprof/public_html/readnews. If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection. Step 2. Now we need to find the number of union columns in the database. We do this using the "order by" command. We do this by entering "order by 1- -", "order by 2- -" and so on until we receive a page error. For example: www.
If we receive another My. SQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of - - after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too.
It just depends on the way the database is configured as to which prefix is used. Step 3. We now are going to use the "union" command to find the vulnerable columns. So we enter after the url, union all select (number of columns)- -,for example: www. This is what we would enter if we have 4 columns.
If you have 7 columns you would put,union all select 1,2,3,4,5,6,7- - If this is done successfully the page should show a couple of numbers somewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable. Step 4. We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands: user()database()version()or if these dont work try..@@user@@version@@database. For example the url would look like: www. The resulting page would then show the database user and then the My.
SQL version. For example admin@localhost and My. SQL 5. 0. 8. 3. IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this. Step 5. In this step our aim is to list all the table names in the database. To do this we enter the following command after the url. UNION SELECT 1,table_name,3,4 FROM information_schema. So the url would look like: www.
UNION SELECT 1,table_name,3,4 FROM information_schema. Remember the "table_name" goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables. Step 6. In this Step we want to list all the column names in the database, to do this we use the following command: union all select 1,2,group_concat(column_name),4 from information_schema. So the url would look like this: www. This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.
Step 7. Finally we need to dump the data, so say we want to get the "username" and "password" fields, from table "admin" we would use the following command,union all select 1,2,group_concat(username,0x. So the url would look like this: www. Here the "concat" command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website.
Cut and paste one line of code to make any website editable. Have you ever wanted to edit the web pages of another website?
This simple line of code makes it possible. Of course you can’t actually edit the actual web page but you can edit the page as you see it on your screen.
This is one of the ways scammers create fake screenshots, fake Adsense & affiliate earnings and even fake Paypal transactions. Here’s a method of editing the webpage in browsers without developer tools; all you need to do is visit the site you want to edit, paste the code below into your web browser address bar (tested in Firefox & IE7, fails in the Chrome search box) and hit the Enter button. Then simply select a portion of text on the page and start editing. Editable='true'; document. Mode='on'; void 0.
Alternatively, you can install firebug and edit inline using this tool.