Monday, November 14, 2011

             SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
SQL Injection can be done by manually injection or via automatic tools. Automatic tools are easy to use and do not require much technical knowledge.
In this tutorial we will discuss Havij. Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
  • You can download havij from here.
Now open Havij and paste the link without ‘ ‘

Now we have to find the columns of the database.
Now, we can get the data from the columns (usernames, passwords, etc).
After this you will be able to find the admin id or password but remember normally web server uses MD5 encryption technique, you have to decrypt this password use havij option MD5.
Now open Havij and paste the link without ‘ and press Analyze.
After we find Database name, we can collects information about tables.

After decrypting the password, you have to find the admin login page of the website. To do that use Havij options.
You can find more useful video tutorials about Havij on YouTube.

Leave a Reply

Subscribe to Posts | Subscribe to Comments

Pageviews

Followers

Blog Archive

Powered by Blogger.

- Copyright © 2013 Selva Sharing -Selvasharing- Powered by Blogger - Designed by @ Access -