Archive for the ‘SQL Injection’ Category

How to Find a Vulnerable (Bug) Link for SQL Injection?   7 comments

In my last tutorial we learned what SQL, SQLi and a vulnerability are.

OK. We saw that a vulnerable link is important for SQL injection. But you have a question: how do we find this vulnerable link? We can also find it manually, but in this tutorial we use a tool to find vulnerable links.

The tool we use in this tutorial is SQL Poizone V1.1. The tool was developed by our daily viewer and my friend Poizoner.

1. Download the tool from here (click me).
2. There is no need to install it. Open the SQL Poizone V1.1 exe.
3. Now you see the tool window, which looks like this …

4. Now, from the Dork_View panel, double-click All Dork -> Php -> select Index.php?id=

Now follow the given steps.

  1. Now it is time to select the engine. Select Google API, which means we search using Google.
  2. Select Max 300.
  3. Select the country. (Here we see text like In, Cn, pk, etc. This is like .com or .org, but for a country.)
  4. Now click the Search button. The scan starts. Wait until it finishes.

     

  Now you see the results in Result_Panel.
  – OK. Now right-click and choose Check all.
  – Now right-click again and click Send to Sqli Scrawler -> All.
OK. Now it is time for the final scan.
Here, simply click the Crawl button and the scan starts.
Wait until it completes.

Now you see a result that looks like this…

Congratulations, you have found the vulnerable links in the bottom panel. Now export them into a .txt file and save it.
OK. Now you are wondering when we hack the site. We will do it, but in the next tutorial.
And yes, start making a collection of vulnerable links for our next tutorial.
Best of luck

Posted September 24, 2011 by smarthacker5 in SQL Injection

What Is SQLi (SQL Injection) ?   5 comments

I wrote this tutorial for newbies and beginners. This is my first tutorial on website hacking.

OK. What will we learn in this tutorial?

  1. What is SQL?
  2. What is a vulnerability?
  3. What is SQLi (SQL injection)?
  4. Tools.

OK. Before I start, one thing: sorry for my bad English. Also, we cannot learn everything about SQLi here, only the basics.

1. What is SQL?

Before we start injecting, we first learn what SQL is.
SQL (pronounced “ess-que-el”) stands for Structured Query Language. SQL is used to communicate with a database.
According to ANSI (American National Standards Institute), it is the standard language for database management systems. We will learn about ANSI later. SQL is used to perform tasks like insert, delete and update in a database. Many database systems use SQL commands, such as Oracle, Sybase, Microsoft SQL Server, Access, etc.

Now I think you all understand what SQL is. OK, on to the next step: vulnerability.

2. What is a vulnerability?

A vulnerability is nothing but an error or bug in the web page's code. Nowadays it is in 70% of websites. It is nothing but laziness and lack of knowledge on the coder's part. There are many types of vulnerability, such as SQLi vulnerabilities, XSS vulnerabilities, etc. We will discuss these more later. A vulnerability allows hackers to leech data from the database. OK, when you hack, then you learn better. Now, what is SQLi?

3. What is SQLi?

We know something about SQL and vulnerabilities. Now you are wondering what this SQLi is. The "I" stands for injection, to inject. This is not a doctor's injection, but it works like a real injection. OK, leave this crap aside.

Now, what actually is injection? Injection means to inject: the injection goes into the database through the vulnerability and leeches the data from the database. Now you have a question in your mind: why do we use SQLi?

We learned that the injection is injected into the database, but how? It uses SQL commands to inject into a database, and that is why it is known as SQLi. Now another question: which type of commands? Don't worry, because here we use basic commands like UNION, SELECT, GROUP BY, etc. Now you know what SQL, SQLi and injection are.

Now you think: we know about vulnerabilities and SQLi, but how do we find out what the format of a vulnerability is? Basically, in SQLi, the format of a vulnerable string is like this:

http://www.smarthacker.com/index.php?id=5'  etc. This is known as a vulnerable link.

OK. We have no need to analyze this string, or what this id=5 is, etc.

Now we wonder how we get this. You are newbies, so we cannot get it manually, but here we use tools for this.
Stop, stop. We will learn about this in the next tutorial. But for this we need your feedback. And yes, here is a tool for finding SQLi links. Analyse it; it is discussed in the next tutorial.

Download Now

Posted September 19, 2011 by smarthacker5 in SQL Injection