Friday, January 28, 2011

SQL INJECTION WITH HAVIJ

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. According to hackers, the most common technique for hacking a website is SQL injection. In this technique, attackers insert SQL code into login forms (username and password) to deface and access the site. These days SQL injection is quite easy to perform with automated SQL tools, which makes the job easier for script kiddies.

Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.


Supported Databases with injection methods
  • MsSQL 2000/2005 with error
  • MsSQL 2000/2005 no error union based 
  • Sybase (ASE) 
  • MySQL union based
  • MySQL Blind
  • MySQL error based 
  • Oracle union based
  • MsAccess union based

Follow Steps

Step 1 : First, find a SQL injection vulnerability and insert the string
(like http://www.target.com/index.asp?id=123).

Step 2 : You can search " index.asp?id= " or " .php?id= " on Google to find a vulnerable website, and then press the Analyze button.


Step 3 : If the site is vulnerable, it shows this type of message and gives information about the database.


Step 4 : Now move to the next step: click on TABLES and then Get Tables.


Step 5 : Now click on USER, then press Get Columns, then mark username and password and click "Get data". Every password is displayed in MD5; you can also crack it using this tool.


Warning - This article is for educational purposes only. HACKING begins is not responsible for any kind of damage caused by information provided in this article.
