m0riiii.IR

SQL Injections tutorial

Posted on the February 24th, 2010 under Tutorials by m0riiii

Im going to cover some simple SQL Injections. Which we are gonna go through Joomla

Alright first you are going to need to go to this link right here:
http://milw0rm.com/exploits/5730. And a Script will come up of what to use. Now you need to
google this : inurl:com_idoblog

Find a website you wish to Inject.

Now once you have done that.. you will need to copy this :
Code:
/index.php?option=com_idoblog&task=userblog&userid= and 1=1 UNION SELECT
user(),user(),user(),user(),user(),concat(username,0×3a,password)
,user(),user()
.

Now when you find a website it should look like this
Code:
www.target.com/index.php?
You will need to Erase the /INDEX.PHP?[/CODE] and put in
Code:
/index.php?option=com_idoblog&task=userblog&userid= and 1=1 UNION SELECT
user(),user(),user(),user(),user(),concat(username,0×3a,password)
,user(),user()
now press enter.

If the site is vulnerable you will need the name ” ADMIN ” and then a hash after that.

Go to google, and search ” HASH CALCULATOR ” get the MD5 hash and then you google ” MD5
CRACKER ” and then you just simply fill in what you should do, if the hash is crackable you
will get a password.

Go back to the site you are injecting and type in ADMIN as the username and put the password
you got from the hash as the PASSWORD.

Well done you have successfully finished your first SQL Injection .

soruce : www.hackinglibrary.ws