Hack Website Using Havij download full version
Posted by Nikhil Chawra 10/30/2012
Hello, I am going to show you how you can use Havij, to do a SQL injection attack.
SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.
first, find any vulnerable website from google using dorks
you may also read :-
Hack a website by Remote File Inclusion
some well-known dorks
Steps-
1. Firstly what you need to do is get your vulnerable site ready with the ID on the end, in this case "nwid=1658". You then need to enter the whole link into the Havij "target" bar.
2. Once you've entered the link into the "target" box you need to press the analyze button. Let it go through until it has completed finding everything it needs to about the database.
3. Once it's done the Get DB button should appear clickable, click that. Inside there you will see the databases you need to find the one which contains user information in this case it's "rajsoft_mprealtynews", check the box next to it and press "get tables". After that another drop down will appear with a list of things. You need to find something that is associated with usernames and passwords, in this case "users". After you check users you need to press "get columns", that will then return the columns inside that table
.
4. will create another drop down, and from there you need to find username and password, these are easily located. Tick both "username" and "password" then press "Get Data". Once you've pressed it, it will display every username and password on that DB selected, usually find the one with the username, "admin".
Once you have finished collecting all the data you can export it into a .html file, which will organise it and format it nicely into a table, for easy reading.
SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.
first, find any vulnerable website from google using dorks
you may also read :-
Hack a website by Remote File Inclusion
some well-known dorks
- Find Vunl Websites :
- index.php?id=
- trainers.php?id=
- buy.php?category=
- article.php?ID=
- play_old.php?id=
- declaration_more.php?decl_id=
- pageid=
- games.php?id=
- page.php?file=
- newsDetail.php?id=
- gallery.php?id=
- show.php?id=
- staff_id=
- newsitem.php?num=
- readnews.php?id=
- top10.php?cat=
- historialeer.php?num=
- reagir.php?num=
Steps-
1. Firstly what you need to do is get your vulnerable site ready with the ID on the end, in this case "nwid=1658". You then need to enter the whole link into the Havij "target" bar.
2. Once you've entered the link into the "target" box you need to press the analyze button. Let it go through until it has completed finding everything it needs to about the database.
3. Once it's done the Get DB button should appear clickable, click that. Inside there you will see the databases you need to find the one which contains user information in this case it's "rajsoft_mprealtynews", check the box next to it and press "get tables". After that another drop down will appear with a list of things. You need to find something that is associated with usernames and passwords, in this case "users". After you check users you need to press "get columns", that will then return the columns inside that table
.
4. will create another drop down, and from there you need to find username and password, these are easily located. Tick both "username" and "password" then press "Get Data". Once you've pressed it, it will display every username and password on that DB selected, usually find the one with the username, "admin".
Extra steps
Once you have finished collecting all the data you can export it into a .html file, which will organise it and format it nicely into a table, for easy reading.
?
+
X
Recommended for you
Loading..