HAVIJ
Havij is a automatic tool that helps you to exploit SQL injection vulnerabily sites. This is advance tool having a most of the features.
By using havij an attacker can perform My sql with error, My sql with no error, blind sql, my sql time based, oracle, oracle error based, find database, tables, password, usernames, find admin panel and many md5 decrypter…..
Download this tool
First of all you need a vulnerable site you can find the vulnerable site by using dorks type following dorks in google
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
You get many sites open anyone site and put the ” ‘ ” at the end of the site url link without quotes. If the error come then it is vulnerable to SQL
When you get the vulnerable sites then follow these steps
STEPS
- Type the sql vul site in the target eg. http://name-shame.co.uk/pages.php?id=2′
- then click on analyze ..
- then tool start finding the database automatic as this is a tool you dont have to do anything manual..
- when this tool find the database
- Then click on get tables When you get the tables
click in any one table which is there admin or user’s Then click on get columns . You get all the colums .You need only username & password to get access to the target site. Select the username & password and click on get data….
- Now find the admin panel of the site by clicking on find admin
- Now enter the username and password in the admin panel .
i hope this post is helpful to you …… and don’t forget to share it
Semoga Bermanfaat !!
source http://devils-arena.com/
0 comments:
Post a Comment