SQL injection is one of the most commonly found vulnerabilities in websites and web applications. Developers know how to build a website, but they easily forget to filter the data sent to the website in forms and queries. This mistake makes the website vulnerable to SQL injection. I have already posted many automatic SQL injection tools on this website, but most readers found them difficult to use. So here I am going to write about the most famous SQLi tool, which does all the work for you and extracts the whole database of the vulnerable website.
If you do not have Havij, then download it from the given link.
http://hackingtricks.in/2011/09/download-havij-1-1-5.html
http://www.itsecteam.com/en/projects/project1_page2.htm
It was my older post. If the link is dead, then try to Google it.
Now run the tool on your system. I am not including detailed snapshots because I do not want to target a website in a public post.
Enter the target URL with a query string as a GET parameter: http://targetwebsite.com/index.aspx?id=12
Then click on analyze.
The tool will scan the website and give details about the server and the technology it is using.
After the tool has finished its work and found the name of the database, click on Tables to fetch the tables of the database. After the tables have been retrieved by the tool, you can easily fetch the data inside the tables.
The tool also has a cmd shell to execute cmd commands on the server and an MD5 tool to crack passwords stored as MD5 hashes.
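The mistake named at the top of this post, request data reaching the query unfiltered, is shown below next to its fix for an `id` parameter like the one in the URL above. This is an added example, not part of the original post: the table, rows and function names are constructed, and Python's built-in sqlite3 stands in for the site's real database.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(11, "Draft"), (12, "Welcome"), (13, "Internal notes")])
    return db

def lookup_unfiltered(db, raw_id):
    """The mistake: the request value is pasted into the SQL text."""
    query = "SELECT id, title FROM articles WHERE id = " + raw_id
    return db.execute(query).fetchall()

def lookup_parameterized(db, raw_id):
    """The fix: the value is bound as data and never parsed as SQL."""
    return db.execute("SELECT id, title FROM articles WHERE id = ?",
                      (raw_id,)).fetchall()

def parse_id(raw_id):
    """Defense in depth: accept only a plain non-negative integer."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal id and a value carrying extra SQL.
    for value in ("12", "12 OR 1=1"):
        print(repr(value), "unfiltered    ->", lookup_unfiltered(db, value))
        print(repr(value), "parameterized ->", lookup_parameterized(db, value))
        try:
            print(repr(value), "validated     ->", parse_id(value))
        except ValueError as exc:
            print(repr(value), "rejected      ->", exc)
```

With the concatenated query the second input returns every row in the table; with the bound parameter it matches nothing, and the validator rejects it before any query runs.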