ULTIMATE MYSQL INJECTION TUTORIAL FOR BEGINNERS 100% NOOB FRIENDLY

ULTIMATE MYSQL INJECTION TUTORIAL FOR BEGINNERS 100% NOOB FRIENDLY,

ULTIMATE MYSQL INJECTION TUTORIAL

< Ultimate MySQL Injection Tutorial For Beginners >–
Contents
1A: Understanding SQL Injection
1B: Tricks & Tools

1C: Requirements

2A: Searching for Targets
2B: Testing Targets for Vulnerabilities
2C: Finding Columns
2D: Finding Vulnerable Columns

3A: Obtaining the SQL version
3B: Version 4
– 1. Obtaining Tables & Columns
– 2. Commands
3C: Version 5
– 1. Obtaining Table Names
– 2. Obtaining Column Names from Tables —
1A: Understanding SQL Injection
SQL Injection is one of todays most powerful methods of system penetration, using error

based queries one is able to extract data (tables & columns) from a vulnerable system,

namely the (database).

 

1B: Tricks & Tips

Beginners tend to believe that using tools created by advanced SQL injection artists is the

best way around things, please believe that they aren’t, everything seems nice and easy with

tools such as (BSQLi and SQLi Helper) which they are, but the users posting the download

links for both applications around the world on hacking forums have been known to very

securely encrypt these tools with malicious files or backdoors etc, I’ve experienced this

first hand when I first started out. Learning everything manually will help you understand

the environment you are attempting to penetrate, whilst experimenting with commands you have

learned will only help you become more advanced in SQL injection, as for tricks, there are

many articles named (Cheat Sheets) because this is what they are, purposely created for SQL

injectors to use commands which aren’t normally spoken of or known about, Samples are

provided to allow the reader to get a basic idea of a potential attack.

 

1C: Requirements:

When I first started SQL injection personally for me it wasn’t too hard to get on the ball

and learn quickly, this is because I had previous knowledge of web scripts, how the internet

works, and the ability to read and understand complicated tutorials. I believe it’s a whole

lot easier if you know the basics of a computer system and how the internet works.
To learn you must be able to read and understand the tutorial or article provided and take

on board everything you see. When I was a beginner I found it easier to attack whilst

reading, do everything in stages, don’t read the whole tutorial, and go off and expect to

inject off the top of your head. —
2A Searching for Targets
Ahh, the beauty of searching for targets is a lot easier than it sounds, the most common

method of searching is (Dorks). Dorks are an input query into a search engine (Google) that

attempt to find websites with the given text provided in the dork itself. So navigate to

Google and copy the following into the search box:
inurl:”products.php?prodID=”
This search will return websites affiliated with Google with “products.php?prodID=” within

the URL.
You can find a wide range of dorks to use by searching the forum.
I advise you to create your own dorks, be original, but at the same time unique, think of

something to use that not many people would have already searched and tested.
An example of a dork I would make up:
inurl:”/shop/index.php?item_id=” & “.co.uk”
So using your own dorks isn’t a bad thing at all, sometimes your dorks won’t work, nevermind

even I get it.


2B: Testing Targets for Vulnerabilities
It’s important that this part’s done well. I’ll explain this as simply as I can.
After opening a URL found in one of your dork results on Google you now need to test the

site if it’s vulnerable to SQL injection.

Example(ULTIMATE MYSQL INJECTION TUTORIAL FOR BEGINNERS 100%)

http://www.site.com/index.php?Client_id=23

To test, just simply add an asterisk ‘ at the end of the URL

Example:
http://www.site.com/index.php?Client_id=23’

How to tell if the sites are vulnerable:
– Missing text, images, spaces, or scripts from the original page.
– Any kind of typical SQL error (fetch_array) etc.

WE ARE HERE FOR SERIOUS BUSINESS, WE DO NOT TOLERATE TIME WASTERS
AND BEGGARS TRYING TO BEG OR SCAM US OF OUR PRODUCTS. 
Payment is Upfront, Our services are not free

Contact us for support. We sell fresh ATM Hacking, Paypal/Cashapp accounts & Transfers, Dumps with Pin, Western Union Transfers, ATM Skimmers, Bank logins, and lots more.

 

We have other services like bank transfers to any bank account. We have helped change the lives of people from different continents in South America and across Europe. We can Card anytime for you and ship for half the price, Carding iPhone, Botnet setup service, Carding Classes where you will learn everything that will help you make money

Get Sameday Money Transfer Service From Our Professional Hackers

 

Leave a Reply