
Havij Attack

  

According to a survey, the most common technique for hacking a website is SQL injection. SQL injection is a technique in which a hacker inserts SQL code into a web form to get sensitive information (such as user names and passwords), access the site and deface it. The traditional SQL injection method is quite difficult, but nowadays there are many tools available online with which any script kiddie can use SQL injection to deface a website. Because of these tools, websites have become more vulnerable to these types of attacks.

One of the popular tools is Havij. Havij is an advanced SQL injection tool that makes SQL injection very easy. Along with SQL injection, it has a built-in admin page finder, which makes it very effective.

  Vulnerable Site  - http://www.hypetrading.com/productinfo.php?id=285


Now Let's Start


Open Havij and paste the vulnerable link, as shown in the figure.

Now click "Analyze".

Havij then shows some status messages. Watch them and be patient while it determines whether the site is vulnerable, the type of injection, and whether the DB server is MySQL; it will then find the database name, which looks like xxxx_xxxx.

Then move on to finding the tables by clicking "Tables", as shown in the figure. Now click "Get tables" and wait some time if needed.

Once the tables are found, you will see a "users" table. Tick it and click the "Get columns" tab, as shown in the figure.


In that list, tick username and password and click "Get data".


Bingo! You now have an ID and password, which may be the admin's.
The password is returned as an MD5 hash; you can also crack it using this tool, as shown in the figure.
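
Seen from the defender's side, the walkthrough above depends on two flaws: the `id` request parameter is concatenated into the SQL statement, and passwords are stored as plain MD5. The following is an added example, not code from the original post, using Python's `sqlite3` as a stand-in for the site's database; the table, column and function names and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def make_db():
    # Constructed sample data; schema is an assumption, not the real site's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(285, "widget"), (286, "gadget")])
    return db

def lookup_vulnerable(db, raw_id):
    # Flawed pattern: the request parameter becomes part of the SQL text,
    # so anything after the number is parsed as SQL by the database.
    sql = "SELECT id, name FROM products WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Allow-list: the parameter must be a plain ASCII decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    # 2) Bound parameter: the value is passed as data, never parsed as SQL.
    sql = "SELECT id, name FROM products WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def hash_password(password, salt=None):
    # Salted, deliberately slow KDF instead of a single unsalted MD5 pass,
    # so a leaked users table cannot be reversed with lookup tables.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def verify_password(password, salt, digest):
    # Constant-time comparison of the recomputed digest.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    db = make_db()
    hostile = "285 OR 1=1"  # constructed test input
    print("vulnerable:", lookup_vulnerable(db, hostile))
    try:
        lookup_hardened(db, hostile)
    except ValueError as exc:
        print("hardened rejected input:", exc)
```

With the hardened lookup, the automated analysis step has nothing to work with: the parameter is rejected before it reaches the database, and even without the allow-list the bound value would only ever be compared against `id`.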
