Advanced SQL Injection - Havij
Source: SOOM.cz [ISSN 1804-7270]
I don't understand the Czech language, but I'm writing this tutorial for you. Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. You can download it here: http://itsecteam.com/en/projects/project1_page2.htm. It's not spam or a virus. My target site was http://www.pclife.hu/. With this security tool, I got the administrator's password and the passwords of other users of the site. The administrator's page is located at http://www.pclife.hu/admin
1. Download and install the free version of the program.
2. On the target page, find some links that contain a PHP script... (http://www.pclife.hu/showImage.php?id=18897)
3. You can also check manually that the page is not secure, but I will write about this later :)
4. Copy the URL into the program window, paste it into the Target field, and click Analyze.
5. Wait a moment while the program searches for the database name. If you get the database name...
6. Click the Tables button, select the database, and click the "Get Tables" button. After you get the table names...
7. Select the table you want to get data from, click Get Columns, and finally select the columns and click the "Get Data" button :)
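
Seen from the defender's side, the steps above appear in the web server's access log as a burst of requests to one script whose numeric `id` parameter is no longer a plain integer. The following is an added example, not part of the original tutorial, that flags such clients; the log format, the sample lines, the threshold and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /showImage.php?id=18897 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /showImage.php?id=18897%27 HTTP/1.1" 500 310
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /showImage.php?id=18897+and+1%3D1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /showImage.php?id=18897+and+1%3D2 HTTP/1.1" 200 0
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /showImage.php?id=42 HTTP/1.1" 200 4096
203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /showImage.php?id=abc HTTP/1.1" 404 0
"""

# Client IP, then the request target inside the quoted request line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')

# Assumption: each listed script takes one parameter that must be an integer.
NUMERIC_PARAMS = {"/showImage.php": "id"}


def suspicious_requests(log_text):
    """Yield (ip, target) for requests whose numeric parameter is not all digits."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m.group("target"))
        param = NUMERIC_PARAMS.get(url.path)
        if param is None:
            continue  # script is not on the watch list
        # parse_qs URL-decodes values; a missing parameter counts as invalid.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [""])
        if not all(v.isascii() and v.isdigit() for v in values):
            yield m.group("ip"), m.group("target")


def flag_clients(log_text, threshold=3):
    """Return {ip: count} for clients with at least `threshold` invalid requests."""
    counts = Counter(ip for ip, _ in suspicious_requests(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests with a non-numeric id")
```

The same digits-only rule belongs in the script itself: rejecting any `id` that is not an integer and binding it through a prepared statement removes the condition the tool depends on.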