Tuesday, April 9, 2013

SQL Injection with Havij

Now it's time for some real hacking!

First you need to download Havij. The paid version would be preferred, since it has more features and supports more stuff. You can get the free version here (Windows only).
Send a mail to FPSRussia.lf@gmail.com for the paid version.

Install Havij and start it. It'll look like this:

Now, it's time for the boring part: Finding a vulnerable site.
It may take hours, so have some patience.

You need to find a dork you like.
A dork is a way to let Google do the hard work of finding the parameter. If the parameter you want is shop.php?id=22, then your dork is: inurl:"shop.php?id="

I'm going with inurl:"showthread.php?id="
It'll look like this:

When you find a page you like, you must check whether it's vulnerable. To see if it's vulnerable, you're going to add a ' at the end of the parameter. Like this:

If it returns some kind of error, like missing pictures, text or similar, then it's more than likely vulnerable to your attack. Here's the error I got: 
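
The quote check described above produces an error only when the page pastes the parameter into the SQL text; with a bound parameter the same input is just a value that matches no row. The following is an added example, not code from the original post, showing both patterns side by side. The `threads` table, the function names and the sample rows are constructed, and SQLite stands in for whatever database a site actually uses.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE threads (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO threads VALUES (?, ?)",
                   [(1, "Welcome"), (22, "Release notes")])
    return db


def page_concat(db, raw_id):
    """Vulnerable pattern: the request parameter is pasted into the SQL text."""
    sql = "SELECT title FROM threads WHERE id = " + raw_id
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # The quote became SQL syntax and broke the statement. Echoing the
        # database error to the client confirms the flaw to whoever sent it.
        return 500, "SQL error: %s" % exc
    return (200, rows[0][0]) if rows else (404, "Not found")


def page_bound(db, raw_id):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    rows = db.execute("SELECT title FROM threads WHERE id = ?",
                      (raw_id,)).fetchall()
    # Unknown or malformed ids get the same generic answer.
    return (200, rows[0][0]) if rows else (404, "Not found")


if __name__ == "__main__":
    db = make_db()
    for value in ("22", "22'"):
        print(repr(value), "concat:", page_concat(db, value))
        print(repr(value), "bound: ", page_bound(db, value))
```
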

Let's see if we can inject the site with Havij.
In the "Target" field, you're going to write the site's name, with the parameter.
It'll look like this:

Click on the Analyze button. Now, Havij is going to analyze the URL and hopefully find it vulnerable. (Note: Even if Havij can't find a vulnerability, that doesn't mean the site isn't vulnerable.)
When it has finished, you can see if it's vulnerable.

Let's look at Havij. Mine turned out to be vulnerable. Great success! Let's look:

It'll show you all kinds of good information. It shows the site's IP, the server type, injection type, columns and database.

That's all for now. Stay tuned for part two. (Sorry. I'm afraid Blogspot will ban my blog, if I add more images.)

Feel free to comment or send a message to FPSRussia.lf@gmail.com