Post: [TUT] SQL injection w/ Havij free download
Options
05-11-2011, 01:22 PM
#1
MrBelfast
I am Bi-Winning
This is by far the easiest way to SQL inject a website!
1. Download Havij You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable at the bottom, you're good to go.
6. When you get this,
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
edit: I had pics here but the links are broken now, so if anyone needs help with this, just quote me.
05-11-2011, 04:13 PM
#4
Epic?
Awe-Inspiring
Originally posted by BELFAST
Don't hate, I know how to do SQLi the real way as well.
This is by far the easiest way to SQL inject a website!
1. Download Havij You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable at the bottom, you're good to go.
6. When you get this,
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
edit: I had pics here but the links are broken now, so if anyone needs help with this, just quote me.
This is by far the easiest way to SQL inject a website!
1. Download Havij You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable at the bottom, you're good to go.
6. When you get this,
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
edit: I had pics here but the links are broken now, so if anyone needs help with this, just quote me.
Have some tea or whatever?
You must login or register to view this content.
The following user thanked BAMF for this useful post:
The following user groaned BAMF for this awful post:
05-14-2011, 01:27 AM
#6
CodingNation
Banned
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
