Wednesday, April 10, 2013

SQL Injection with Havij [Part 2]

Yesterday, I made the first part about finding vulnerabilities and general use of Havij.

Link to post: http://learn-basic-hacking.blogspot.com/2013/04/sql-injection-with-havij.html

Today, we're going to discuss the actual injection. If your site was vulnerable, then let's continue. If not, find another site.




Click the button I marked in red.



























This will lead us to the Database section.



























Click the button marked in red. It will now get the database's tables. (Note: Make sure you've checked which database.)

You'll see the tables like this:



























(Note: Havij might need to brute-force the table names. The same goes for columns.)

Now it's time to look for the table with accounts. I have two possible tables with the account details: Medlemmer (Members) and login. I go with the "login" table. Check the box at your selected table and click "Get Columns."
You'll get a drop-down menu.


























I got "id, user, pass, status." That's good! Check the boxes you want and click "Get Data."
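For defenders, the steps above (databases, then tables, then columns) leave a recognizable sequence in the web server's access log. The following is an added example, not part of the original post: it assumes a MySQL back end whose `information_schema` catalog is read through the query string. The log lines, addresses and function names are constructed, and the page does not show the exact requests Havij sends.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (addresses, paths and parameters are made up).
SAMPLE_LOG = """\
198.51.100.20 - - [10/Apr/2013:09:58:11 +0200] "GET /news.php?id=5 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Apr/2013:10:00:03 +0200] "GET /news.php?id=5+and+1=(select+count(*)+from+information_schema.schemata) HTTP/1.1" 200 5300
203.0.113.7 - - [10/Apr/2013:10:00:05 +0200] "GET /news.php?id=5+and+1=(select+count(*)+from+INFORMATION_SCHEMA/**/.TABLES) HTTP/1.1" 200 5300
203.0.113.7 - - [10/Apr/2013:10:00:09 +0200] "GET /news.php?id=5%2520and%25201=(select%2520count(*)%2520from%2520information_schema.columns) HTTP/1.1" 200 5300
198.51.100.20 - - [10/Apr/2013:10:01:00 +0200] "GET /docs.php?q=information_schema.tables+explained HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
STAGE_RE = re.compile(r"information_schema\s*\.\s*(schemata|tables|columns)")
STAGE_NAME = {"schemata": "databases", "tables": "tables", "columns": "columns"}


def normalize(url):
    """Undo the usual evasions: nested URL encoding, mixed case, inline comments."""
    for _ in range(3):  # bounded, so deeply nested encoding cannot stall the parser
        decoded = unquote_plus(url)
        if decoded == url:
            break
        url = decoded
    url = re.sub(r"/\*.*?\*/", "", url.lower())
    return re.sub(r"\s+", " ", url)


def enumeration_stages(log_text):
    """Map each client address to the catalog stages its requests touched."""
    stages = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, url = m.groups()
        for hit in STAGE_RE.findall(normalize(url)):
            stages[ip].add(STAGE_NAME[hit])
    return dict(stages)


def suspects(log_text, min_stages=2):
    """Clients that walked at least min_stages of the catalog; one hit alone may be benign."""
    found = enumeration_stages(log_text)
    return sorted(ip for ip, seen in found.items() if len(seen) >= min_stages)


if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```

Requiring two or more stages from the same client keeps a single harmless mention of a catalog table, such as the documentation search in the last sample line, from raising an alert.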


























Congratulations! You've just injected a site. In the next tutorial, I'm going to show you how to find the administrator login page. And I might teach you how to deface it.

That's all for now! I hope you enjoyed the tutorial! If you have any questions, feel free to ask in the comments or write an email to FPSRussia.lf@gmail.com
