http://www.site.com/news.php?id=5
When we execute this, we see a page with some articles on it, pictures,
etc.
i.e
i.e
i.e
i.e
If the page loads normally, we have access to mysql.user, and later we can
pull some passwords using the load_file() function and OUTFILE.
i.e.
Then, if the page loads normally without content missing, the table users
exists.
If you get FALSE (some article missing), just change the table name until
you guess the right one :)
Let's say that we have found that the table name is users. Now what we need
is the column name.
The same as with the table name, we start guessing. Like I said before, try
the common names for columns.
i.e
If the page loads normally, we know that the column name is password (if we
get false, then try common names or just guess).
Here we merge 1 with the column password, then substring returns the first
character (,1,1).
OK, this pulls the first character from the first user in the table users.
So if the ASCII char is greater than 80, the page loads normally. (TRUE)
FALSE!!!
Note that I've changed ,1,1 to ,2,1 to get the second character. (Now it
returns the second character, 1 character in length.)
TRUE, higher.
FALSE!!!
We know that the second character is char(105), and that is 'i'. We have
'ci' so far.
So keep incrementing until you get to the end. (When >0 returns false, we
know that we have reached the end.)
There are some tools for Blind SQL Injection. I think sqlmap is the best,
but I'm doing everything manually.
Have FUN! (:
marezzi@gmail.com
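Seen from the defending side, the guessing loop described above leaves a clear trace in web server logs: one client sends many requests whose parameter carries an ascii/substring comparison, and the replies flip between the normal page and the page with content missing. The Python example below is added here and is not part of the original post. The log lines, IP addresses, response sizes and the REDACTED placeholder are constructed, and the function name find_blind_sqli_probes is hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (Common Log Format). REDACTED stands in for the
# inner query; a 5120-byte reply is the normal page, 1830 bytes is the page
# with the article missing.
SAMPLE_LOG = """\
198.51.100.4 - - [13/Apr/2010:01:19:58 +0000] "GET /news.php?id=7 HTTP/1.1" 200 4980
203.0.113.7 - - [13/Apr/2010:01:20:01 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120
203.0.113.7 - - [13/Apr/2010:01:20:03 +0000] "GET /news.php?id=5%20and%20ascii(substring((REDACTED),1,1))%3E80 HTTP/1.1" 200 5120
203.0.113.7 - - [13/Apr/2010:01:20:04 +0000] "GET /news.php?id=5%20and%20ascii(substring((REDACTED),1,1))%3E99 HTTP/1.1" 200 1830
203.0.113.7 - - [13/Apr/2010:01:20:06 +0000] "GET /news.php?id=5%20and%20ascii(substring((REDACTED),2,1))%3E104 HTTP/1.1" 200 5120
203.0.113.7 - - [13/Apr/2010:01:20:07 +0000] "GET /news.php?id=5%20and%20ascii(substring((REDACTED),2,1))%3E105 HTTP/1.1" 200 1830
""".splitlines()

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) (\d+)$')
# Shape from the text: ascii(substring(<anything>, <position>, 1)) > <threshold>
PROBE = re.compile(
    r"ascii\s*\(\s*substring\s*\(.*,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*>\s*(\d+)", re.I)

def find_blind_sqli_probes(lines, min_probes=3):
    """Return {client_ip: summary} for clients sending repeated probes."""
    seen = defaultdict(lambda: {"probes": 0, "positions": set(), "sizes": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a GET line in the expected format
        ip, target, _status, size = m.groups()
        # parse_qsl URL-decodes each value, so %20 and %3E become ' ' and '>'
        for _name, value in parse_qsl(urlsplit(target).query):
            hit = PROBE.search(value)
            if hit:
                entry = seen[ip]
                entry["probes"] += 1
                entry["positions"].add(int(hit.group(1)))
                entry["sizes"].add(int(size))
    return {
        ip: {"probes": e["probes"],
             "positions": sorted(e["positions"]),
             # exactly two reply sizes = the TRUE/FALSE signal the text relies on
             "two_state_response": len(e["sizes"]) == 2}
        for ip, e in seen.items() if e["probes"] >= min_probes
    }

if __name__ == "__main__":
    print(find_blind_sqli_probes(SAMPLE_LOG))
```

The same log shows why binding id as an integer parameter in the application removes the signal: every probe value would be rejected or treated as data, and the reply would no longer depend on the comparison.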
Posted by CardingPower at 11:23 AM
http://sql-injection-tools.blogspot.com/2009/06/blind-sqli-tutorial.html (6 of 17) [4/13/2010 1:21:45 AM]
Ksecurity-Team " SQL INJECTION", "Web Hacking", "Web Security": Blind SQLi tutorial