1. Forums /
  2. Tech Boards /
  3. Computer Programming /
  4. [TUT] SQL injection w/ Havij
Post: [TUT] SQL injection w/ Havij
03-05-2011, 02:14 PM #1
ysinha123's Avatar
ysinha123
Haxor!
(adsbygoogle = window.adsbygoogle || []).push({}); This is by far the easiest way to SQL inject a website!

1. Download Havij- You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. You must login or register to view this content. Hit analyze.
4. Have some tea or whatever while it's working :P
5. If it says Target Vulnerable Happy at the bottom, you're good to go.
6. When you get this, You must login or register to view this content.
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data. You must login or register to view this content.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
(adsbygoogle = window.adsbygoogle || []).push({});

The following 3 users say thank you to ysinha123 for this useful post:

FullTilt, Honeybro, Josh
03-29-2011, 10:32 AM #29
Mr Hankey's Avatar
Mr Hankey
◕‿◕
I can't find a php?id=123 ending on my school site.. site is You must login or register to view this content. (it's dutch) it ends with .html everywhere..
05-17-2011, 11:10 AM #30
IKvPro's Avatar
IKvPro
Keeper
you have to have the id=230 (eg) if its just .com at the end it wont work Smile

---------- Post added at 06:10 AM ---------- Previous post was at 06:08 AM ----------

i cant find any websites vulnarable enough (that give database type) got any really crappy websites?
05-18-2011, 12:11 AM #31
BAMF's Avatar
BAMF
Social Engineer
Mine is soooooooooooo much better

Copyright © 2026, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo