Friday, 7 August 2015

Blind SQLi Tutorial

what is Blind SQLi Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a...

SQL Injection Using SQL Map

  What is SQLMAP? sqlmap is an open source penetration testing tool that automates the process of detecting andexploiting SQL injection flaws and taking over of database servers. It comes with a powerfuldetection engine, many niche features for the ultimate penetration tester and a broad range ofswitches lasting from database fingerprinting, over data fetching from the database, to accessingthe underlying file system and executing commands...

URL Based SQL Injection

Finding Sites: When talking to find a vulnerable site for SQL Injection you will hear the term Dork a lot, this refers to a google search term targeted at finding vulnerable websites. An example of a google dork is inurl:index.php?id=, entering this string in google search engine would return all sites from google cache with the string news.php?id= in their URL. Ex: http://www.site.com/news.php?id=4 To be a SQL injection vulnerable...

SQL Injection (Manually)

    Let‘s Start: Log on to http://www.website.com/news/news.php?id=130. Basically we are going to send the queries through URL to get back results on screen accordingly. The motive is to get name of table, name of colmun in which usernames and passwords are stored and finally fetching them. Instead of copying and pasting the long links,  simply click on "click here” and open in new tab. Step 1: Checking Sql Vulnerability. First...

SQL Injection (Basics)

What is SQL Injection?  Basically SQL Injections or simply called Structured Query Language Injection is a technique that exploits the loop hole in the database layer of the application. This happens when user mistakenly or purposely(hackers) enters the special escape characters into the username password authentication form or in URL of the website. Its basically the coding standard loop hole. Most website owners doesn't have proper knowledge...

How To Hack Websites Using RFI (Remote File Inclusion)

  Note : Only For Educational Purpose.>!!!  Lets Start 1st Find a Vunerable websites using Google Dork ''inurl:index.php?page='' its Most Popular Dork of RFI hacking This will show all the pages which has ''index.php?page='' in their URL, Now to test whether the website is vulnerable to Remote file Inclusion or not the hacker use the following command www.targetsite.com/index.php?page=www.google.com   So...

How To Hack An IP Address Of A Remote PC

What can you do with an IP address? Well you can hack a computer using it's IP address. You can find the location of the computer using its IP address. Things required: 1) PHP script to catch the IP. 2) .txt file to store the IP. you can download them from here. Procedure: Step 1: First create an account in any free webhosting site. examples are www.110mb.com www.drivehq.com www.t35.com www.my3gb.com Step 2: Extract the IP finder script you...