LFI [TUT]
[MethoD 1]
NOTE: You will need Firefox and its add-on Tamper Data to do this method!
LFI, or Local File Inclusion, allows you to include a local file (that is, a file stored on the server) and run it in a web script.
In this method we are going to upload a shell by accessing the proc/self/environ.
Now we have our page
http://www.target.com/index.php?include=register.php
And now we are going to do this:
http://www.target.com/index.php?include=../
If it gives you an error message, this is good. The best thing that can happen is that it says "No such file or directory". Anyway, now add this to your URL:
http://www.target.com/index.php?include=../etc/passwd
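On the defensive side, the include parameter above is only a problem when it reaches PHP's include unchecked. The following is an added example, not code from the original post; the pages directory and the allowlisted file names are assumptions. It shows the vulnerable pattern as a comment beside a hardened resolver that also answers with a generic error instead of "No such file or directory".

```php
<?php
// Added example (not from the original post). Directory layout and page
// names below are assumptions made for illustration.

// Vulnerable pattern the tutorial relies on: the request parameter goes
// straight into include, so "../" sequences escape the intended directory.
//   include $_GET['include'];

// Hardened form: accept only names on a fixed allowlist and verify that the
// canonical path still sits inside the pages directory.
const PAGES_DIR = __DIR__ . '/pages';                            // assumed layout
const ALLOWED_PAGES = ['register.php', 'login.php', 'home.php']; // assumed names

function resolve_page($requested): ?string
{
    // Rejects arrays (include[]=x), missing values and anything not listed.
    if (!is_string($requested) || !in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $requested); // resolves symlinks and ".."
    if ($base === false || $path === false) {
        return null;                                // missing directory or file
    }
    // Defence in depth: the canonical path must remain under PAGES_DIR.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['include'] ?? null);
if ($page === null) {
    // Generic response: no filesystem error text is returned to the client.
    http_response_code(404);
    // json_encode keeps the logged value on one line (no log injection).
    error_log('rejected include parameter: ' . json_encode($_GET['include'] ?? null));
    exit('Page not found');
}
include $page;
```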
SQL Injection with SQLmap [BackTrack Tool]
Hello again guyz :)
Today I'm going to show you how to hack an SQL vuln. site with SQLmap in BackTrack 5.
First of all, find a vuln. site; you can see how in the SQL injection tutorial :)
Second, open BackTrack > Terminal, then type:
cd /pentest/database/sqlmap
and hit Enter.
Now we are inside SQLmap, let's start hacking :P
####################################################################
Now the options we will need here are:
+++++++++++++++++++++++++++++++++++++++++
-D        <= define the database
-T        <= define the table
-C        <= define the column
--dbs     <= list the database names
--tables  <= list the table names
--columns <= list the column names
--dump    <= dump the data out of the column
++++++++++++++++++++++++++++++++++++++++++
###################################################################
SQL Injection
Hello all,
today I'm going to show you how the SQL injection process goes
STEP BY STEP
############################################################
FIRST: How to find VULN. sites for SQL-i:
- We can find VULN. sites with Google, using Google dorks like:
Code:
inurl:index.php?id=
inurl:article.php?id=
allinurl:news.php?id=
inurl:shop.php?cat=
############################################################