Post: [TUT] SQL injection w/ Havij
Options
03-05-2011, 02:14 PM
#1
ysinha123
Haxor!
1. Download Havij- You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. You must login or register to view this content. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable
at the bottom, you're good to go.6. When you get this, You must login or register to view this content.
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data. You must login or register to view this content.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
03-07-2011, 02:09 PM
#20
ysinha123
Haxor!
Originally posted by tP
I can't find any vulnerable site help me?
---------- Post added at 03:49 PM ---------- Previous post was at 03:30 PM ----------
Hacked 1 site. Was in russian there admincp made no sense. Going on to the next.
---------- Post added at 03:49 PM ---------- Previous post was at 03:30 PM ----------
Hacked 1 site. Was in russian there admincp made no sense. Going on to the next.
Use a translator? lol congrats anyways.
---------- Post added at 10:09 AM ---------- Previous post was at 10:08 AM ----------
Originally posted by Dr.
Finding a vulnerable site. I had a look at some vids on YouTube by typing in Google: inurl:example.php/id=
Then it comes up with loads, but Havij says that they are NOT vulnerable.
---------- Post added at 07:23 PM ---------- Previous post was at 07:22 PM ----------
Then you've probably got an outdated version..
Then it comes up with loads, but Havij says that they are NOT vulnerable.
---------- Post added at 07:23 PM ---------- Previous post was at 07:22 PM ----------
Then you've probably got an outdated version..
Add an asterisk at the end of the url and if you get an error, it's vulnerable.
03-07-2011, 02:29 PM
#21
Mr. DarkKV
League Champion
Originally posted by ysinha123
This is by far the easiest way to SQL inject a website!
1. Download Havij- You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. You must login or register to view this content. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable at the bottom, you're good to go.
6. When you get this, You must login or register to view this content.
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data. You must login or register to view this content.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
1. Download Havij- You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. You must login or register to view this content. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable
at the bottom, you're good to go.6. When you get this, You must login or register to view this content.
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data. You must login or register to view this content.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
Havij is just TOOOOO easy. Why do people us Havij now days? ****ing noobs.
The following user thanked Mr. DarkKV for this useful post:
03-07-2011, 02:43 PM
#22
ysinha123
Haxor!
Originally posted by Mr.
Havij is just TOOOOO easy. Why do people us Havij now days? ****ing noobs.
Don't get me wrong, I can SQL inject manually, in fact that was how I learned to do it first. I just came across Havij recently and made a tut on how to SQL inject with it because there is already a tut on manual SQL injection.
03-07-2011, 02:45 PM
#23
Mr. DarkKV
League Champion
Originally posted by ysinha123
Don't get me wrong, I can SQL inject manually, in fact that was how I learned to do it first. I just came across Havij recently and made a tut on how to SQL inject with it because there is already a tut on manual SQL injection.
+Rep'd for not being a noob and actually knowing how to do SQLi THE REAL WAY
The following user thanked Mr. DarkKV for this useful post:
03-07-2011, 02:53 PM
#25
Mr. DarkKV
League Champion
Originally posted by ysinha123
Thanks, here's some back, although it isn't much:black:
Lol, you +5 me +20....
But thanks anyway..... :bro:
03-08-2011, 04:28 AM
#26
Midnight.eGo
from El Paso, Texas (915)
.
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
