Ethical Hacking Institute Course in Pune-India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Today I am gonna show you how to test for an SQL injection within a practice website with the Havij tool.
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills. We only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you.
Now, to check whether this site is vulnerable to a verbose SQL injection, a hacker will simply add ' (apostrophe) after the site URL, like this:
http://site.com/products.php?id=2'
and the hacker will get this error on the site:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
This means the site is vulnerable to SQL injection: the apostrophe reached the database as part of the SQL statement, and the server returned the database's error message to the browser.
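The coding pattern that produces this error, next to its fix, as an added example that is not part of the original tutorial. Python's sqlite3 stands in for the PHP/MySQL page, and the table, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for the MySQL backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "keyboard"), (2, "mouse")])
    return db

def lookup_vulnerable(db, raw_id):
    """The request parameter is pasted straight into the SQL text."""
    try:
        sql = "SELECT name FROM products WHERE id = " + raw_id
        row = db.execute(sql).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # Returning the driver error to the client is what makes the flaw "verbose".
        return ("error", str(exc))

def lookup_bound(db, raw_id):
    """The value is bound as a parameter, so a quote is data, never SQL syntax."""
    row = db.execute("SELECT name FROM products WHERE id = ?",
                     (raw_id,)).fetchone()
    return ("ok", row[0] if row else None)

def lookup_hardened(db, raw_id):
    """Validate the type first, bind the value, keep driver errors server-side."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return ("rejected", None)           # the page would answer HTTP 400
    try:
        row = db.execute("SELECT name FROM products WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        return ("error", "internal error")  # details go to the server log only
    return ("ok", row[0] if row else None)

if __name__ == "__main__":
    db = make_db()
    for value in ("2", "2'"):
        print(repr(value), lookup_vulnerable(db, value),
              lookup_bound(db, value), lookup_hardened(db, value))
```
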
Now Havij will look up the data available in the columns login and password, i.e. the admin username and password. For example, I get:
username –> admin
password –> 21232f297a57a5a743894a0e4a801fc3 (in encrypted form)
In this case, they found http://site.com.co/admin/ as the admin panel and opened it in a web browser. They log in with the username and password, and now they have control of the website.