TUT ON SQL INJECTION USING HAVIJ

TOOLS NEEDED
HAVIJ - [You must be registered and logged in to see this link.]
DORKS - [You must be registered and logged in to see this link.]

What is SQL injection?

It's one of the most common vulnerability in web applications today. It allows attacker to execute database query in url and gain access to some confidential information etc...(in shortly).

1.SQL Injection (classic or error based or whatever you call it)
2.Blind SQL Injection (the harder part)

Now let start

first we need to find vulnerability site to do that wee need dork, download it above

here is one i pick out of dork ( inurl:index.php? ), so what you have to do is to go to google.com and put this dork there "inurl:index.php?id="

like this
[You must be registered and logged in to see this link.]

you will see list of vulnerable site, chose any one you want. For me am going to pick this one " [You must be registered and logged in to see this link.] "
now open your havij where you save it, then enter this site " [You must be registered and logged in to see this link.] to the havij as below pic. But it depends on the site you want to hack, but for me am using this one "http://www.slightergolf.com/products/shop.php?c=misc&id=8:



After that the sofware will look for database of you website. the database i got here is " slighter_website "



Step 2
We need to get the number of tables that the database have to do this we click on table as i do in this pic below



then the number of tables will show, like below pics



Step 3
We need to find the number of column, at this point it depends on the intention you want, either you want to hack admin or you want to hack credit card but here I will use this to get admin password and ID. now click the admin and click get colunm as below pics



then you will see another sub columns which is name and password for this database, it depends on the site you want to get their database and hack

step 4
click on the sub coloum name and password, then go and click on get data to get the login user name and admin for this database



then you will see the user name and password like below information



yes that's all ,

I hope you enjoy all this tut if you have any problem just contact me..

Diba admin detected as virus yung mga injector ?
Safe ba to gamitin ?

GodKnowsJhomz wrote:Diba admin detected as virus yung mga injector ?
Safe ba to gamitin ?

safe yn pra smin xD
depende sa ngamit.. i have no antivirus on my computer
why?
because antivirus keep using a 30% of your internet speed..
so your download speed would be poor..

@ivan: eh idol naka deep freeze ka sa pc mo? hirap ng walang AV... pano mo mapapanatiling safe pc mo?