![]() ![]() Upload your package Your Shell c99,c100, Images, etcĪfter running this JAVA script, you will see the option for Upload Selected File Now select you page file which you have & upload here. Javascript:_doPostBack(‘ctlURL$cmdUpload’,”) Now replace the URL in the address bar with a Simple Script You will get a Link Gallery page.So far so good!ĭont do anything for now, wait for the next step… Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx Home/tabid/36/Language/en-US/Default.aspx You will find many sites, Select the site which you are comfortable with. This is a dork to find the Portal Vulnerable sites, use it wisely. :inurl:/tabid/36/language/en-US/Default.aspx Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx You can also modify this google dork according to your need & requirement Here U can use only Google Dorks for hacking websites.Ģ- inurl:/tabid/36/language/en-US/Default.aspx This method also uses in google search engine to find hackable sites. One more hacking method called “ Portal Hacking (DNN)“. Here the “concat” command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website. ![]() Union all select 1,2,group_concat(username,0x3a,password),4 from admin– So again, look for interesting names such as user,email and password.įinally we need to dump the data, so say we want to get the “username” and “password” fields, from table “admin” we would use the following command: This command makes the page spit out ALL the column names in the database. Union all select 1,2,group_concat(column_name),4 from information_lumns where table_schema=database()– In this Step we want to list all the column names in the database, to do this we use the following command: If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables. Remember the “table_name” goes in the vulnerable column number you found earlier. UNION SELECT 1,table_name,3,4 FROM information_schema.tables– To do this we enter the following command after the url. In this step our aim is to list all the table names in the database. IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this. The resulting page would then show the database user and then the MySQL version. Or if these dont work example the url would look like: We do this by replacing the vulnerable column numbers with the following commands: We now need to find the database version, name and user. This means columns 2 and 3 are vulnerable. If you have 7 columns you would put, union all select 1,2,3,4,5,6,7– If this is done successfully the page should show a couple of numbers somewhere on the page. This is what we would enter if we have 4 columns. So we enter after the url, union all select (number of columns)–, We now are going to use the “union” command to find the vulnerable columns. It just depends on the way the database is configured as to which prefix is used. If this does not work, instead of - after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. If the site errored on “order by 9” then we would have 8 columns. If we receive another MySQL error here, then that means we have 4 columns. We do this by entering “order by 1–“, “order by 2–” and so on until we receive a page error. Now we need to find the number of union columns in the database. If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29 ![]() ![]() If the database is vulnerable, the page will spit out a MySQL error such as Once you have found a page like this, we test for vulnerability by simply entering a ‘ after the number in the url. When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:īasically the site needs to have an = then a number or a string, but most commonly a number. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |