SQL INJECTION FOR BEGINNERS

sql injection:

                                 SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.

Injected SQL commands can alter SQL statement and compromise the security of a web application.

How to exploit the SQL Injection Attack

 It needs a little understanding of SQL and a great deal of cunning.

Try your Hacking skills against this test system. It takes you through the exploit step-by-step.

The SQL Injection attack allows external users to read details from the database. In a well designed system this will only include data that is available to the public anyway. In a poorly designed system this may allow external users to discover other users' passwords.

prepare:

               The first step to performing a SQL injection attack is to find a vulnerable website. This will probably be the most time-consuming process in the entire attack. More and more websites are protecting themselves from SQL injection meaning that finding a vulnerable target could take quite some time.

One of the easiest ways to find vulnerable sites is known as Google Dorking. In this context, a dork is a specific search query that finds websites meeting the parameters of the advanced query you input. Some examples of dorks you can use to find sites vulnerable to a SQL injection attack include:

1. inurl:index.php?id=
2. inurl:trainers.php?id=
3. inurl:buy.php?category=
4. inurl:article.php?ID=
5. inurl:play_old.php?id=
6. inurl:declaration_more.php?decl_id=
7. inurl:pageid=
8. inurl:games.php?id=
9. inurl:page.php?file=
10. inurl:newsDetail.php?id=
11. inurl:gallery.php?id=
12. inurl:article.php?id=
13. inurl:show.php?id=
14. inurl:staff_id=
15. inurl:newsitem.php?num= andinurl:index.php?id=
16. inurl:trainers.php?id=
17. inurl:buy.php?category=
18. inurl:article.php?ID=
19. inurl:play_old.php?id=
20. inurl:declaration_more.php?decl_id=
21. inurl:pageid=
22. inurl:games.php?id=
23. inurl:page.php?file=
24. inurl:newsDetail.php?id=
25. inurl:gallery.php?id=
26. inurl:article.php?id=
27. inurl:show.php?id=
28. inurl:staff_id=
29. inurl:newsitem.php?num=

Of course, there are many others as well. The key component of these specialized search queries is that they all focus on websites that rely on PHP scripts to generate dynamic content from a SQL database somewhere on the backend of the server. 

ex:http://www.udemy.com/index.php?catid=1’

Attack

After locating a vulnerable site, you need to figure out how many columns are in the SQL database and how many of those columns are able to accept queries from you. Append an “order by” statement to the URL like this:

http://www.udemy.com/index.php?catid=1 order by 1

Continue to increase the number after “order by” until you get an error. The number of columns in the SQL database is the highest number before you receive an error. You also need to find out what columns are accepting queries.

You can do this by appending an “Union Select” statement to the URL. A union select statement in this URL would look like this:

http://www.udemy.com/index.php?catid=-1 union select 1,2,3,4,5,6

There are a couple of things to note in this example. Before the number one (after catid), you need to add a hyphen (-). Also, the number of columns you discovered in the previous step is the number of digits you put after the union select statement. For instance, if you discovered that the database had 12 columns, you would append:

catid=-1 union select 1,2,3,4,5,6,7,8,9,10,11,12

The results of this query will be the column numbers that are actually accepting queries from you. You can choose any one of these columns to inject your SQL statements.

BYPASS WEB FILTER

HI,THIS IS FOR U FRIENDS
   I CAN BYPASS  FORTIGUARD .THIS IS EASY WAY.
NOW ,I  GIVE THE INSTRUCTION

METHOD 1.

1.open chrome browser .
2.go to more tools.
3.open extension.
4.then click more extension
5.put'easy proxy'in search tab
6.it'll be appear.{OR SIMPLT PUT THE URL IN SEARCH TABhttps://chrome.google.com/webstore/search/easy%20proxy?hl=en-US}
7.this's the add on for bypassing filter.

8.open the 'easy proxy'

9.then sign up

10.finally click the top left corner of the icon and click open.

 HERE IS THE VIDEO PROOF:https://www.youtube.com/watch?v=LC1WPu1bIKI

METHOD 2.
          USE SSL PROXY SITES.
       FIRST OF ALL YOU MUST KNOW ABOUT THE WEB PROXIES
 WEB PROXIES:

                            Web proxies provide a quick and easy way to change your IP address while surfing the Internet. Web proxies are extremely portable as they do not require the installation of additional software or modification to computer networking settings. They are used like a search engine, except that you enter a website address instead of a search query into a form, and web proxies return webpages rather than search results. The sites you visit through the proxy see an IP address belonging to the proxy rather than your IP address.

  NOW I GIVE TO YOU SOME OF THE WEB PROXIES URL.  AND YOU CAN ENTER THE BOCKED WEBSITE URL IN THE SEARCH TAB OF PROXY SITES  AND YOU CAN BYPASS YOUR FILTER               HERE IS THE LINK

               https://www.filterbypass.me/            

                https://surf-anonymous.info/
                https://www.homeproxy.com/
                https://www.blessmyass.com/
                 https://hide.me/en/proxy
                 https://pandashield.com/

There is many ways to bypassing filters such as VPN,WEBPAGE TRANSLTING etc,
But, i have only recommend the first method.this,s too easy.

before i had using 'freegate' 'ultrasurf'.But fortiguard(webfilter) blocked these all ways.but this one is the best forever.

DOWNLOAD IDM CRACK

http://linkdownload123.com/?s=IDM