The
technique we are going to use sql injection. For more information about the
topic can be found here. I will be soon posting tutorial about manual sql
injection.
Google Dorks: Google dorks are specifically query's that can reveal all the information about the specific website. I am giving you some Google dorks which you can use for finding the website vulnerable to sql injection.
inurl:index.php?id=
inurl:index.php?cat=
inurl:index.php?x=
inurl:index.php?page=
inurl:index.php?module=
inurl:index.php?p=
inurl:index.php?action=
inurl:index.php?content=
Finding target:
1) Now just paste any one of the query in Google search box you will get a lot of websites.
2) Now open any of the website so you will get the link like this.
www.somesite.com/index.php?id=12 or any number
3) We have to just add a single quote (') at the end of link so it will become some thing like this.
www.somesite.com/index.php?id=12'
4) Look closely at the page before adding single quote (') and after adding single quote (') . If the some element of the page is missing then Bingo!!! you have found a vulnerable website. Now we can start our sql injection. And if the page remains the same or show's error like page not found then it is not vulnerable and you should move to another website.
Now we have our target ready so what are you waiting for just attack.
1) First of all download Havij 1.16 from below mentioned link or from here.
2) Now extract it and run it. It will look some thing like this.
Google Dorks: Google dorks are specifically query's that can reveal all the information about the specific website. I am giving you some Google dorks which you can use for finding the website vulnerable to sql injection.
inurl:index.php?id=
inurl:index.php?cat=
inurl:index.php?x=
inurl:index.php?page=
inurl:index.php?module=
inurl:index.php?p=
inurl:index.php?action=
inurl:index.php?content=
Finding target:
1) Now just paste any one of the query in Google search box you will get a lot of websites.
2) Now open any of the website so you will get the link like this.
www.somesite.com/index.php?id=12 or any number
3) We have to just add a single quote (') at the end of link so it will become some thing like this.
www.somesite.com/index.php?id=12'
4) Look closely at the page before adding single quote (') and after adding single quote (') . If the some element of the page is missing then Bingo!!! you have found a vulnerable website. Now we can start our sql injection. And if the page remains the same or show's error like page not found then it is not vulnerable and you should move to another website.
Now we have our target ready so what are you waiting for just attack.
1) First of all download Havij 1.16 from below mentioned link or from here.
2) Now extract it and run it. It will look some thing like this.
3) Now paste
your target in the highlighted box. And click analyze.
4) Let it
analyze your target for about 5-10 minute's. and then you will see something
like this.
5) Now click
on "Tables" tab. You will see something like this.
6) Now click
on "Get DBs" ( Make sure you have tick-marked on the first option,
let it be anything ). Now wait for about a minute you will some thing like this.
7) Now
tick-mark both the option's. And click on "Get Tables". And wait for
some 2-3 minutes. You will get a lot of information from this. It'll look
something like this.
8) Now
search something sensitive like admin, users, login, passwords, and many more.
Tick-mark them and click on "Get Columns". You will see something
like this.
9) Now there
you have user_id, password, user_name. Now tick-mark them and select "Get
Data". You will see something like this.
10) Now find
admin panel. And login using the user_id and password found.
Any problem ask in comments. Enjoy and Merry Christmas to all my readers.in advance :
Any problem ask in comments. Enjoy and Merry Christmas to all my readers.in advance :
click here to download HaVIJ |
0 comments:
Post a Comment