TUT ON SQL INJECTION USING HAVIJ
TOOLS NEEDED
HAVIJ - [You must be registered and logged in to see this link.]
DORKS - [You must be registered and logged in to see this link.]
What is SQL injection?
It's one of the most common vulnerability in web applications today. It allows attacker to execute database query in url and gain access to some confidential information etc...(in shortly).
1.SQL Injection (classic or error based or whatever you call it)
2.Blind SQL Injection (the harder part)
Now let start
first we need to find vulnerability site to do that wee need dork, download it above
here is one i pick out of dork ( inurl:index.php? ), so what you have to do is to go to google.com and put this dork there "inurl:index.php?id="
like this
[You must be registered and logged in to see this link.]
you will see list of vulnerable site, chose any one you want. For me am going to pick this one " [You must be registered and logged in to see this link.] "
now open your havij where you save it, then enter this site " [You must be registered and logged in to see this link.] to the havij as below pic. But it depends on the site you want to hack, but for me am using this one "http://www.slightergolf.com/products/shop.php?c=misc&id=8:
After that the sofware will look for database of you website. the database i got here is " slighter_website "
Step 2
We need to get the number of tables that the database have to do this we click on table as i do in this pic below
then the number of tables will show, like below pics
Step 3
We need to find the number of column, at this point it depends on the intention you want, either you want to hack admin or you want to hack credit card but here I will use this to get admin password and ID. now click the admin and click get colunm as below pics
then you will see another sub columns which is name and password for this database, it depends on the site you want to get their database and hack
step 4
click on the sub coloum name and password, then go and click on get data to get the login user name and admin for this database
then you will see the user name and password like below information
yes that's all ,
I hope you enjoy all this tut if you have any problem just contact me..