Hi Friends in this Tutorial i will Tell you How to Hack Web Sites With Sql Injection tool, there are large amount of sql vulnerable sites available.
Google Dorks: Google dorks are specifically query's that can reveal all the information about the specific website. I am giving you some Google dorks which you can use for finding the website vulnerable to sql injection.
2) Now extract it and run it. It will look some thing like this.
addToCart.php?idProduct=
addtomylist.php?ProdId=
add-to-cart.php?ID=
adminEditProductFields.php?intProdID=
advSearch_h.php?idCategory=
affiliate.php?ID=
affiliate-agreement.cfm?storeid=
affiliates.php?id=
ancillary.php?ID=
archive.php?id=
article.php?id=
phpx?PageID
basket.php?id=
Book.php?bookID=
book_list.php?bookid=
book_view.php?bookid=
BookDetails.php?ID=
Finding target:
1) Now just paste any one of the query in Google search box you will get a lot of websites.
2) Now open any of the website so you will get the link like this.
www.example/index.php?id=12 or any number
3) We have to just add a single quote (') at the end of link so it will become some thing like this.
www.example.com/index.php?id=12'
4) Look closely at the page before adding single quote (') and after adding single quote (') . If the some element of the page is missing then Bingo!!! you have found a vulnerable website. Now we can start our sql injection. And if the page remains the same or show's error like page not found then it is not vulnerable and you shouldmove to another website.
Now we have our target ready so what are you waiting for just attack.
www.example/index.php?id=12 or any number
3) We have to just add a single quote (') at the end of link so it will become some thing like this.
www.example.com/index.php?id=12'
4) Look closely at the page before adding single quote (') and after adding single quote (') . If the some element of the page is missing then Bingo!!! you have found a vulnerable website. Now we can start our sql injection. And if the page remains the same or show's error like page not found then it is not vulnerable and you should
Now we have our target ready so what are you waiting for just attack.
1) First of all download Havij 1.15
Download Havij
2) Now extract it and run it. It will look some thing like this.
3) Now paste your target in the highlighted box. And click analyze.
4) Let it analyze your target for some time. and then you will see something like this.
5) Now click on "Tables" tab. You will see something like this.
6) Now click on "Get DBs" ( Make sure you have tick-marked on the first option, let it be anything ). Now wait for about a minute you will some thing like this.
7) Now tick-mark both the option's. And click on "Get Tables". And wait for some 2-3 minutes. You will get a lot of information from this. It'll look something like this.
8) Now search something sensitive like admin, users, login, passwords, and many more. Tick-mark them and click on "Get Columns". You will see something like this.
9) Now there you have user_id, password, user_name. Now tick-mark them and select "Get Data". You will see something like this.
10) Now find admin panel. And login using the user_id and password found.
0 comments:
Post a Comment