Forum Thread: Database Hack?

Database Hack?

hey, so my question is there any tutorial that shows how to hack a database that doesnt have this vulnerability's

inurl:index.php?id=
inurl:gallery.php?id=
inurl:post.php?id=
inurl:article?id=

because i now a site that use this :?uuid=c23fbb99-be4b-4c11-bbf5-57e7fc4f4388

is this anyway vulnerable.

6 Responses

I am not sure what vulnerability that is, but you can look it up here for example. www.securityfocus.com

And I would most highly recommend Metasploit for cracking a database

i have found a payload,but the problem is how does it works ?
(im new to db hacking )

A payload is something you write, and you are supposed to send it after you found a bug sooo... find the bug first, then inject the payload.

If you're new to db hacking I might suggest you try in your LAN first, do NOT start learning on a live server.

so how seems a bug like.

im just curious if i know how than can i test it on my LAN.
and if im fully save than i can begin on live server.
but that wil take a lot of months

(sorry for my bad english)

Start reading some tutorials... you can find many on this site, and much more by googling.

Then load a VM with metasplitable, DVLinux, or set up your web server + mysql (if you feel like you are a total noob, just go for windows and get EasyPHP, it will setup everything for you).

Get some old wordpress, download old plugins and head to exploit-db.com. Try those exploit like a skid, then break them down and understand how they work.

Use those public exploit to perform operations that are not included in the public advisory. Now move to a linux environment and test them again.

Make sure you also read the webserver LOGS to understand HOW MANY trails you are leaving behind when you perform such attacks.

Depending on how much time you dedicate the process and your initial skills set, it could take from a week to several months yeah. But no pain, no gain.

Share Your Thoughts

  • Hot
  • Active