ULTIMATE MYSQL INJECTION TUTORIAL FOR BEGINNERS 100% NOOB FRIENDLY,
Contents
1A: Understanding SQL Injection
1B: Tricks & Tools
1C: Requirements
—
2A: Searching for Targets
2B: Testing Targets for Vulnerabilities
2C: Finding Columns
2D: Finding Vulnerable Columns
—
3A: Obtaining the SQL version
3B: Version 4
– 1. Obtaining Tables & Columns
– 2. Commands
3C: Version 5
– 1. Obtaining Table Names
– 2. Obtaining Column Names from Tables
—
1A: Understanding SQL Injection
SQL injection is one of today’s most powerful methods of system penetration. Using
error-based queries, one is able to extract data (tables & columns) from a vulnerable
system, namely the database.
1B: Tricks & Tips
Beginners tend to believe that using tools created by advanced SQL injection artists is the
best way around things. Please believe that it isn’t. Everything seems nice and easy with
tools such as BSQLi and SQLi Helper, and it is, but the users posting the download links
for both applications on hacking forums around the world have been known to bundle these
tools with malicious files or backdoors. I’ve experienced this first hand when I first
started out. Learning everything manually will help you understand the environment you are
attempting to penetrate, while experimenting with the commands you have learned will help
you become more advanced in SQL injection. As for tricks, there are many articles named
“Cheat Sheets”, because that is what they are: purposely created for SQL injectors to use
commands which aren’t normally spoken of or known about. Samples are provided to allow the
reader to get a basic idea of a potential attack.
1C: Requirements
When I first started SQL injection, it personally wasn’t too hard for me to get on the ball
and learn quickly. This is because I had previous knowledge of web scripts, how the internet
works, and the ability to read and understand complicated tutorials. I believe it’s a whole
lot easier if you know the basics of a computer system and how the internet works.
To learn you must be able to read and understand the tutorial or article provided and take
on board everything you see. When I was a beginner I found it easier to attack whilst
reading. Do everything in stages; don’t read the whole tutorial and then go off and expect
to inject off the top of your head.
—
2A: Searching for Targets
Ahh, searching for targets is a lot easier than it sounds. The most common method of
searching is dorks. A dork is a query entered into a search engine (Google) that attempts
to find websites containing the text given in the dork itself. So navigate to Google and
copy the following into the search box:
inurl:”products.php?prodID=”
This search will return websites indexed by Google with “products.php?prodID=” within
the URL.
You can find a wide range of dorks to use by searching the forum.
I advise you to create your own dorks, be original, but at the same time unique, think of
something to use that not many people would have already searched and tested.
An example of a dork I would make up:
inurl:”/shop/index.php?item_id=” & “.co.uk”
So using your own dorks isn’t a bad thing at all. Sometimes your dorks won’t work; never
mind, even I get it.
—
2B: Testing Targets for Vulnerabilities
It’s important that this part’s done well. I’ll explain this as simply as I can.
After opening a URL found in one of your dork results on Google, you now need to test
whether the site is vulnerable to SQL injection.
Example:
http://www.site.com/index.php?Client_id=23
To test, simply add a single quote (') at the end of the URL.
Example:
http://www.site.com/index.php?Client_id=23'
How to tell if the sites are vulnerable:
– Missing text, images, spaces, or scripts from the original page.
– Any kind of typical SQL error (fetch_array) etc.
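Why a stray quote produces those signs, and what removes them, shown as an added example that is not part of the original tutorial. Python's sqlite3 stands in for MySQL so it runs offline; the `clients` table, its rows and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for MySQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO clients VALUES (?, ?)",
                   [(23, "Acme Ltd"), (24, "Globex")])
    return db

def lookup_concatenated(db, client_id):
    """Vulnerable pattern: the raw URL parameter becomes part of the SQL text."""
    sql = "SELECT name FROM clients WHERE id = " + client_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The stray quote leaves an unterminated string literal, so the parser
        # fails. A page that prints this, or renders with content missing
        # because the query returned nothing, shows the signs listed above.
        return ("sql_error", str(exc))
    return ("ok", row[0]) if row else ("empty", None)

def lookup_bound(db, client_id):
    """Hardened pattern: check the expected type, then bind the value as data."""
    if not re.fullmatch(r"[0-9]{1,10}", client_id):
        return ("rejected", None)  # answer with HTTP 400, no database call
    row = db.execute("SELECT name FROM clients WHERE id = ?",
                     (int(client_id),)).fetchone()
    return ("ok", row[0]) if row else ("empty", None)

if __name__ == "__main__":
    db = make_db()
    for value in ("23", "23'"):
        print(repr(value), lookup_concatenated(db, value), lookup_bound(db, value))
```

Binding alone already keeps the quote from being parsed as SQL; the type check additionally lets the application return a clean error without touching the database.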