Wednesday, April 27, 2011

SQL INJECTION | Website Defacing | With Example.

What is SQL injection ?
SQL stands for Structured Query Language. SQL is the language used to define and query databases, which is where a website's information is stored. SQL injection is a vulnerability in the database layer of an application that allows an attacker to see the contents stored in the database. This vulnerability occurs when the user's input is not filtered or is improperly filtered.
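
What "not filtered" means in code, and how validation plus a parameterized query removes the flaw, shown as an added example that is not part of the original post. SQLite stands in for the site's database, and the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's news table (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (5, 'Constructed headline')")
    return db

def get_news_vulnerable(db, news_id):
    # Unfiltered input is pasted into the SQL text, so whatever the user
    # sends is parsed as part of the statement itself.
    query = "SELECT title FROM news WHERE id = " + news_id
    return db.execute(query).fetchall()

def get_news_safe(db, news_id):
    # 1) Validate the expected type: the id must be plain ASCII digits.
    if not (news_id.isascii() and news_id.isdigit()):
        return []
    # 2) Bind the value as a parameter so it is never parsed as SQL.
    return db.execute(
        "SELECT title FROM news WHERE id = ?", (int(news_id),)
    ).fetchall()

def probe(func, db, value):
    # Returns ("ok", rows) or ("sql_error", message). A raw database error
    # caused by user input is the symptom to look for in testing and logs.
    try:
        return ("ok", func(db, value))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for value in ("5", "5'"):
        print(repr(value),
              probe(get_news_vulnerable, db, value),
              probe(get_news_safe, db, value))
```

With the concatenated query, a stray single quote changes the statement and the database raises a syntax error; with validation and a bound parameter the same input is rejected as data and no SQL error can reach the page.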


The attacker's main goal is to access the information stored in the website's database. It can be done manually, read more here. In this tutorial, I do the same thing more easily using a tool.

I remind you again that it's only for educational purposes.

Requirement: Download the tool from here. It's SqliHelperV.2.1.

Steps of attack:

Vulnerable Website Database > Tables > Columns > Data

Search for any vulnerable website using Google Dorks. I found this website
http://www.shelter.org/org/news.php?id=5
I came to know it's vulnerable because when I attached a single quote at the end, it didn't filter it and returned an error.
http://www.shelter.org/org/news.php?id=5'
Step 1: Run the tool; there is no need for any installation. Input the vulnerable URL and click on 'Inject'.





 

Step 2: After processing is done, click on "Get Database". It will then show the databases.



Step 3: Select any database other than "Information_schema" and click on "Get tables". It will start fetching all tables. Have some patience. In most cases there is a table like admin, login or users.


 
Step 4: Select any table and click on "Get Columns".



Step 5: Select the column and click on "Dump Now". A new pop-up window will open showing you the data stored in it.

You can now have the data stored in that website. It's good if you use a university or college website, as they contain more information about students and, moreover, they are not much secured.

Note: I, Ashif Ismail, am not at all responsible for any illegal activities done using the article provided. This is just for educational purposes. Any illegal activities done without proper caution will land you in jail.

