Today I am going to show you howas an updated version of how to use SQL injection through Havij. Havij is a SQL
Injection tool that helps pen testers to locate and exploit SQL Injection
vulnerabilities on a website .It can use things to it advantage to take control of a vulnerable web
application. By using this you retrieve DBMS users and password hashes, dump tables and columns,
fetching data from the database, running SQL statements and
even accessing the underlying file system and executing commands on the
operating system.
So Let me start this tutorial all you will have to download the program from here: http://adf.ly/auby4
Once you have downloaded and installed the program on your computer you need to scan the web for the vulnerable websites for sql injection. Google dorks will help us in this situation, Google dork is a phrase which helps everyone to find sql injectable web page. To be able to find a vulnerable site you will need to search some of these in google.
So Let me start this tutorial all you will have to download the program from here: http://adf.ly/auby4
Once you have downloaded and installed the program on your computer you need to scan the web for the vulnerable websites for sql injection. Google dorks will help us in this situation, Google dork is a phrase which helps everyone to find sql injectable web page. To be able to find a vulnerable site you will need to search some of these in google.
inurl:article.php?ID=
|
inurl:play_old.php?id=
|
inurl:Pageid=
|
inurl:games.php?id=
|
inurl:newsDetail.php?id=
|
inurl:staff_id=
|
inurl:news_view.php?id=
|
inurl:humor.php?id=
|
inurl:pages.php?id=
|
Once you find a vulnerable site you would copy the web adress and paste it in to Havji in the target section and then you would click the analyze button. it would then tell you whether or not the site is vulnerable to SQL injection.
If the target is vulnerable, we will have to click the get databases button it will then bring up a list of of the data bases
then you would clik on of the data bases and then click get tables then it would bring up the tables of the data base you selected. then you will select a table you want and get the columns this is a very repetitive process
you would then select the column you see for example admin or master and then you would click on Get Data.You would then have the login credentials and would be able to login into the website as the administrator.
I would like to mention the more you visit this site the more things I can do and I would apreaciate it if you would suscribe and follow I will be giving things out when I reach a total of 10,000 views I hope you enjoyed this article.
No comments:
Post a Comment