SQLI and Havij

SQLI and Havij

Learn Hacking

 become a professional hacker !!!

A sql vunerable site, I am taking this site
http://toyonorte.com.co/catalogo_nuevos_...e.php?id=2 as an example.


Checking for sql vulnerability --->

Here i am taking http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2 as an example.


Now to check is this site vulnerable to sql, I will simply add ' after the site url

like this http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2'

and i get this error on the site

You have an error in
your SQL syntax; check the manual that corresponds to your MySQL server
version for the right syntax to use near '\'' at line 1

It means that site is vulnerable to sql injection.
Exploiting the vulnerable site --->

1. Open Havij and paste site url in target field and hit enter
2. Now wait for Havij to get all the databases of the website.
3. Now click on available databse of site and click on Get Tables like i am gonna select 535480_toyonorte of my site like in image.

4. By clicking Get Tables Havij will look after the tables available in the database.
5. Now after the
scanning Havij will get all tables, now the main work start , you have
to check it there table available named as admin, users and something
similar to these words like i get usuario in my website and select it and click on Get Columns. Like in pic given below.

6. Now after clicking Get Columns havij will get all the columns available in users table.
7. In my case i found diffrent columns like id, login, pass an many more.
8. Now select the columns and click on Get Data like in pic given below.

 Now select the Tables with sensitive information and click Get Columns button.After that select the Username and Password Column to get the Username and Password and click