SQL Injection – Load File
You found site with SQL vulnerability, now you can try to access table mysql.user and file privileges.
To so which is user and do we have user privileges we are adding ‘user’ instead of a vulnerable column and at end of URL adding ‘+from+mysql.user–‘.
It should look like this:
Code
If you get username, it means that you have access to mysql.user table and you can continue with this tut.
Now to see if we have file privileges we have to instead of ‘user’ add ‘concat(user,0x3a,file_priv)’ and of course ‘+from+mysql.user–‘
Now when on page usernames and file priv. are listed you must find username which was written at start, when you was writing ‘user’ in column, when you find it and if besides him shows ‘Y’ which is Yes. You have privileges.
Load File:
All we have to do is to write on vulnerable column load_file(‘FILE NAME’).
We gonna try with /etc/passwd, so we type in vulnerable column ‘load_file(‘/etc/passwd’).
We gonna try with /etc/passwd, so we type in vulnerable column ‘load_file(‘/etc/passwd’).
Which looks like this:
Code
If it give us error we can convert file in Char or Hex, but if we do it we must delete ” ‘ ” in file name.
Hex e.g.
If we convert file name in Hex, before file name we will add ‘0x’
If we convert file name in Hex, before file name we will add ‘0x’
Code
Hex code ‘2f6574632f706173737764′ works for ‘/etc/passwd’.
It is recommended for Hex:
Code
If you decide to convert file in Char then add ‘load_file(char(converted file to char))’
Which looks like:
Code
Where ‘ 47,101,116,99,47,112,97,115,115,119,100 ‘ works for ‘/etc/passwd’
Char converter: Search on google and you will find a Char converter
New tutorial about hacking website coming soon
0 Comment "[SQL Injection - Load File] Website Hacking [Tutorial] "
Post a Comment