
Advanced SQL Injection - Havij

Author: C1sc0
28.6.2011

SQL injection


Hi there!

I don't understand the Czech language, but I'm writing this tutorial for you. Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page. You can download it here: http://itsecteam.com/en/projects/project1_page2.htm. It's not spam or a virus. My target site was http://www.pclife.hu/. With this security tool, I got the administrator's password and the passwords of other users of the site. The administrator's page is located at http://www.pclife.hu/admin

Steps:

1. Download and install the free version of the program.
2. On the target page, find some links that contain a PHP script... (http://www.pclife.hu/showImage.php?id=18897)
3. You can also check manually that the page is not secure, but I will write about this later :)
4. Copy the URL into the program window, paste it in the target field, and click Analyze.
5. Wait a moment while the program searches for the database name. Once you get the database name...
6. Click on the Tables button, select the database, and click the "Get Tables" button. After you get the table names...
7. Select the table you want to get data from, click "Get Columns", and finally select the columns and click the "Get Data" button :)
8. Enjoy
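
From the defender's side, a numeric `id` parameter like the one in step 2 is only injectable when the script builds its SQL by concatenating the request value. The following is an added example, not part of the original article and not the site's code: a hardened lookup in PHP with PDO, where the `images` table, its columns, the function names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example: hardened lookup for a script that takes a numeric ?id= parameter.
// Table/column names and the in-memory SQLite database are constructed for the demo.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions internally; never echo database errors to the client.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, path TEXT NOT NULL)');
    $pdo->exec("INSERT INTO images (id, path) VALUES (18897, 'img/18897.jpg')");
    return $pdo;
}

// Returns the image path, or null when the id is malformed or unknown.
function findImagePath(PDO $pdo, string $rawId): ?string
{
    // 1. Allow-list validation: digits only, bounded length.
    if (!preg_match('/\A[0-9]{1,9}\z/', $rawId)) {
        return null;
    }
    // 2. Parameterized query: the value is bound, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT path FROM images WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $path = $stmt->fetchColumn();
    return $path === false ? null : (string) $path;
}

$pdo = openDemoDb();
// Constructed inputs: one valid id, one unknown id, two malformed values.
foreach (['18897', '42', '18897 OR 1=1', "18897'"] as $input) {
    $path = findImagePath($pdo, $input);
    // Same generic answer for "bad input" and "not found", so responses
    // give no signal about how the query is built.
    printf("%-14s => %s\n", $input, $path ?? '404 Not Found');
}
```

Only the first constructed input resolves to a path; the other three get the same generic not-found answer.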

