Skip to main content

Posts

Showing posts with the label SQL Injection

How to hack websites using Manual SQL injection

Hello Friends, Today we are going to learn how to hack a website using Manual SQL injection. The website which we will be using in this demo is :  www.unitedpurpose.org/ So, here is the Vulnerable link :  www.unitedpurpose.org/archive/article.php?id='100 So lets begin : Step 1 : First we have to find the number of columns present in the database. So to do that we have to implement the "order by" command in the vulnerable site. Example:  http://www.unitedpurpose.org/archive/article.php?id=100  order by 7 (any no. u have to guess it, i m using 13 ) *Remember if u get error in "order by 7" that means site has less than 7 columns,if we get the same page then the no. of columns is more than 7.. In my case the number of columns are 13. Step 2 : After getting the columns, its time to get the vulnerable column by using "UNION SELECT" no. of all columns 1 after another separated by commas(,). See the example for more clarification : Example :