Since I've made a bunch of tutorials lately, I'd thought I should put them all in one SQLi pack, for people that are willing to learn. I started out from scratch, and wrote these all from beginner to where I am now. I learned alot here, and hope some of these will help you learn as well.
Well, here they are everyone. Enjoy!
SQL Injection
This one has info one basic injections, WAF bypassing, String Based Injections, Blind Injection, Admin Page Finders, Decrypting Sites, and some important functions.
[TUT] SQL Injection(Pics) [Highly Detailed] [8K+ Views]
This tutorial goes into advanced Double Query Error Based Injection, and has a bonus with some important functions in SQLi that will help you out greatly.
[X-Mas Special][Tutorial]Error Based Injection [Pics/Detailed][Bonus!]
This tutorial goes over Boolean Based Blind Injection, which gives you data based off of true and false statements. It shows ways to get data without guessing, even if there's no visible data on the page.
[Detailed] Boolean Based Blind Injection [Tutorial]
This next tutorial goes into Error Based Injection, for MySQL versions that are less then 5 (Sites that don't have information_schema).
[Error Based ] [MySQL<5] Tutorial [Pics/Detailed]
This tutorial here goes over Double Query Error Based Injection, and has a bonus with some very detailed important functions in SQL Injection.
[X-Mas Special][Tutorial]Error Based Injection [Pics/Detailed][Bonus!]
This next tutorial shows you step by step on how to check every database in a site, for the info you need.
[Tutorial] Getting Data From Multiple Databases [SQLi]
This next tutorial goes over XPath Injection, using both UpdateXML and ExtractValue functions.
[ExtractValue/UpdateXML] XPath Injection Tutorial [Pics/Detailed]
Local File Inclusion
This video tutorial shows you how to shell a site through the process environment file, via Local File Inclusion. Also has lists of vulnerable sites.
Updated this with 2 firewall bypass methods, or filter evasion.
[TUT] LFI (Uploading Shell) [Pics/Video]
This thread is a list of dorks I used to find vulnerable sites, it should help a lot.
[Fresh] LFI Dorks!
This thread shows a list of possible directories that you can snoop through to find juicy files, or access/error logs to poison and get your shell uploaded via Log File Injection.
[LFI] Possible File Directories
Shells
This video tutorial will show you how to upload and find your shell, once you've gotten admin access.
[Tut] Basic Shell Uploading [Video]
This tutorial has pictures that guide you step by step on getting your shell uploaded on a phpbb forum. It's detailed and easy to follow along with.
[Tutorial] Shelling a PHPBB Forum [Pics/Detailed]
This tutorial shows you how to bypass file extension filters, by modifying the POST content in Tamper Data.
[Tutorial] Exploiting an Arbitrary File Upload Vulnerability [Pics/Video]
Well, there's everything for now. I'll be keeping this updated, so be sure to bookmark this for the future <3.
Happy New Years Everyone!
all tuto
Posted by 67
On 03:50