WELCOME TO CYBER NINJAS OFFICIAL BLOG! BROWSE GREAT POST ABOUT TECH , GADGETS AND MANY MORE THANKS FOR VISITING!

Wednesday, 25 February 2015

MySQL injection - how to use union method (basics)




Old lessons: in the first post we learned how to find a vulnerable site.

In the second post we learned how to find how many columns there are with the ORDER BY method.
Let's begin.
Now we will find the site's vulnerable column. Don't be confused that this looks like the same method twice. There are two steps to finding the vulnerable column: first you find how many columns the site has, and then, to confirm that column count, we use the "union select" method.
Site: we will practise on this site

http://www.skitm.edu.in/faculty.php?id=2

Step by step. First, how do we find out whether the site is vulnerable or not?

Here we use the method like this:
 http://www.skitm.edu.in/faculty.php?id=2'
If you get an SQL error, it means the site is vulnerable.
From the old post: what did we learn in the second step? We learned how to find the vulnerable column, like this:
http://www.skitm.edu.in/faculty.php?id=2 order by 3
The next step is to find the vulnerable column. Both steps are about columns, but to see the vulnerable column in the result on screen we first need the ORDER BY step.
Here are the steps.

1) Do you remember that when we injected this site, the last error we got was at 3? That means there are 2 columns. Now, to display on screen which columns are vulnerable, we use the following query:
http://www.skitm.edu.in/faculty.php?id=-2 union select 1,2--
Now, how do we tell which column number is vulnerable?
Always remember: when you submit the union query, the vulnerable column's number appears on the page as a highlighted or bold digit. Your job is to identify it yourself, using your eyes.

What have I changed for this site?

=> After the id= parameter I haven't changed anything, except that I have put a '-' sign there. When using union select, always remember to put that sign before the parameter's value.

How do we know that we have to use union select 1,2?

=> First we use the ORDER BY method. Once we know the column count, we put that many values in union select.
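Why the `-` sign matters and what fixes it, as an added example that is not from the original post: a constructed in-memory SQLite table (an assumption; the post's sites use MySQL) is queried once through string concatenation and once through a bound parameter. With `-2` no real row matches, so the only row returned is the injected `1,2`; the bound query returns nothing for the same input.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for a page that selects two columns.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE faculty (id INTEGER PRIMARY KEY, name TEXT, dept TEXT)")
    db.executemany("INSERT INTO faculty VALUES (?, ?, ?)",
                   [(1, "A. Rao", "Physics"), (2, "B. Sen", "Maths")])
    return db

def lookup_vulnerable(db, raw_id):
    # Deliberately vulnerable: the request value is pasted into the SQL text,
    # so anything after the number is parsed as SQL.
    sql = "SELECT name, dept FROM faculty WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # Validate the type first, then bind the value as a parameter.
    # A bound value is data only and cannot change the statement's shape.
    try:
        faculty_id = int(raw_id)
    except ValueError:
        return []
    return db.execute("SELECT name, dept FROM faculty WHERE id = ?",
                      (faculty_id,)).fetchall()

def run_demo():
    db = make_db()
    probe = "-2 union select 1,2--"  # the value from the post's query
    return {
        "normal": lookup_vulnerable(db, "2"),
        "vulnerable_probe": lookup_vulnerable(db, probe),
        "hardened_probe": lookup_hardened(db, probe),
        "hardened_normal": lookup_hardened(db, "2"),
    }

if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label:17} {rows}")
```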

Example:


Our target site:
 http://www.calidus.ro/
Vulnerable page:
http://www.calidus.ro/en/news.php?id=2
To check the vulnerable column, look at the screen: you will see a number such as 1, 2 or 3, a single digit.
Another example:
http://www.calidus.ro/en/news.php?id=-2%20union%20select%201,2,3,4
I got the last error at 5, so I know there are 4 columns. I use union select 1,2,3,4, and on screen I see that the vulnerable column is 2.

Please remember: after you use the ORDER BY method, put the column count it gives you into union select.
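From the defender's side, the three request shapes in this post (a trailing quote, `order by N`, `union select 1,2,...`) are easy to spot in web server logs. The following is an added example, not part of the original post; the log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Probe shapes from the steps on this page; the rule names are made up for this example.
RULES = [
    ("quote_probe", re.compile(r"=[^&]*'\s*(?:&|$)")),
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select_probe", re.compile(r"\bunion\s+(?:all\s+)?select\s+\d+(?:\s*,\s*\d+)*", re.I)),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines: documentation IPs, hypothetical paths.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Feb/2015:10:01:02 +0000] "GET /faculty.php?id=2 HTTP/1.1" 200 5120
203.0.113.7 - - [25/Feb/2015:10:01:09 +0000] "GET /faculty.php?id=2%27 HTTP/1.1" 200 312
203.0.113.7 - - [25/Feb/2015:10:01:30 +0000] "GET /faculty.php?id=2%20order%20by%203 HTTP/1.1" 200 298
203.0.113.7 - - [25/Feb/2015:10:02:04 +0000] "GET /faculty.php?id=-2%20union%20select%201,2-- HTTP/1.1" 200 4870
198.51.100.20 - - [25/Feb/2015:10:02:11 +0000] "GET /search.php?q=order+by+mail HTTP/1.1" 200 2210
"""

def scan(log_text):
    """Return (client, path, [rule names]) for each request whose query matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        query = unquote_plus(parts.query)  # decode %20, %27 and '+' before matching
        hits = [name for name, rx in RULES if rx.search(query)]
        if hits:
            findings.append((client, parts.path, hits))
    return findings

def probing_clients(findings, min_rules=2):
    """Clients that tripped several distinct rules, i.e. walked the probe sequence."""
    seen = defaultdict(set)
    for client, _path, hits in findings:
        seen[client].update(hits)
    return {c: sorted(r) for c, r in seen.items() if len(r) >= min_rules}

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(probing_clients(scan(SAMPLE_LOG)))
```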

Hope you understand.
Feel free to ask for help!
Post challenges about finding only the vulnerable column now; it will help you learn easily.

Regards: Cyber Ninja
