Sexchat site hack
So again, look for interesting names such as user,email and password.
Step 7 Finally we need to dump the data, so say we want to get the “username” and “password” fields, from table “admin” we would use the following command, union all select 1,2,group_concat(username,0x3a,password),4 from admin– So the url would look like this: com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin– Here the “concat” command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website.
Step 1: When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this: com/page=1 or com/id=5 Basically the site needs to have an = then a number or a string, but most commonly a number.
According to Channel 4, this included personal details in the administrative sense, such as usernames and email addresses, as well as personal details in the carnal sense, such as sexual preference and whether a user might be seeking extramarital affairs.