SQL Injection Part 1

sql-injection
sql-injection
Hello Guys..!!

In my previous post you must have learn What SQLi is? If you have not read that blog post (SQL injection) go and read it first.
What will you learn:
  • Finding Website Vulnerable to SQLi
  • How to Hack SQLi Vulnerable Website using:
    • Havij
    • SQL Map
    • Hackbar
      In this Article I will show How to use Havij and the other two in next article.
  • Finding admin Panel and cracking MD5 hash.

Finding Website Vulnerable to SQLi

Here we will use  Google hacking (Google Dorking) method to find vulnerable websites.

  • Open Google and type

    inurl:.php?id= .pk

    in query box and hit enter. Here i've used ".pk" because i want vulnerable websites from pakistan.
  • The website in google search result will look like this "target.com/about.php?id=1".
  • Choose any website from the search result.
  • You can also search SQLi vulnerability for perticular website by using google dork." Inurl:target.com/?id= "

 

SQLi Using Havij

  • When you will open Havij. It will look like following screenshot
Havij
Havij
  • Just copy website url and Paste it in Target box. then hit on Analyze. Here I've used http://pakpips.com/about.php?id=1

Havij

  • Now it will start it's process and after few sec/min it will show current database name. Now click on Tables and click on Get DBs. Now it wiil look like below screenshot

Havij

  • Now click on get tables. It will get all the tables present in website's Database.

Havij

  • Now tick on the checkbox of the table you like and click on Get Columns. Here i've retrieve column from users Table.

Havij

  • Now check on the columns and click on Get Data to retrieve data from selected columns. Here i'm retrieving data from id,password and username.

Havij

  • Here id is 1, password is admin and username is password.

Finding Admin Panel and Cracking MD5 Hashes

  • In Havij you can find admin panel by clicking on find admin tab. Sometimes you will not be able to find admin panel because the website may have changed its default admin panel url.
  • For Cracking MD5 Hashes goto MD5 tab and paste your hash and click on start, That's it now you will find you decrypted text in result section.

 

So, that's all for the day i will Show SQLi attack using SQL map and Hackbar in next article.
Don't forget to like us on facebook and subscribe our newsletter

 

 

 

Share This:

Be the first to comment

Leave a Reply

Your email address will not be published.


*