Hello guys, today I'm going to show you how to deface websites using the SQL injection vulnerability.
SQL injection is the most well-known vulnerability; it occupies first place on the OWASP Top 10 and is the one most used by hackers for defacing websites!
By exploiting a SQL injection vulnerability, you can explore databases, execute MySQL queries, upload files ...
There are many tools to exploit SQLi, like:
- Havij : Automated SQL injection exploiter
- sqlmap : Python script to exploit SQLi
- Sculptor : Professional tool for exploiting SQLi
- The Mole : Good tool for exploiting SQLi
To check if a site is vulnerable, append an apostrophe ( ' ) to the parameter value.
So it will look like this: http://example.com/eg.php?id=1'
If you find any MySQL errors, then the site is vulnerable, and you can simply inject it by using one of the tools listed above.
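Why the apostrophe on `id=1'` produces a database error, and the query style that removes it, as an added example that is not from the original post. It uses Python's built-in sqlite3 in place of PHP/MySQL; the table, the data and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Build a throwaway in-memory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "About us")])
    return db

def lookup_concat(db, raw_id):
    """Vulnerable pattern: the request value is pasted into the SQL text."""
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A lone apostrophe unbalances the statement, so the parser fails.
        # Showing this error to the client is what reveals the flaw.
        return ("sql_error", str(exc))

def lookup_param(db, raw_id, validate=True):
    """Hardened pattern: validate the type, then bind the value."""
    if validate:
        # id is numeric, so anything but a short run of digits is rejected
        if not re.fullmatch(r"[0-9]{1,10}", raw_id):
            return ("rejected", [])
        value = int(raw_id)
    else:
        value = raw_id  # binding alone already keeps the value out of the SQL
    rows = db.execute("SELECT title FROM articles WHERE id = ?",
                      (value,)).fetchall()
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "1'"):
        print(repr(raw), "concat ->", lookup_concat(db, raw))
        print(repr(raw), "bound  ->", lookup_param(db, raw, validate=False))
        print(repr(raw), "strict ->", lookup_param(db, raw))
```

With the bound query the apostrophe is compared as data and simply matches no row, so there is no error for a tester or a scanner to observe; returning a generic error page instead of the raw database message is a separate hardening step.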
You can also inject SQLi manually using some queries. I prefer manual injecting; it helps you to bypass many security errors (e.g. 403 Forbidden, 406 Not Acceptable ...) and to bypass a WAF (Web Application Firewall).
You can scan websites for SQL injection using many tools, like:
- Acunetix : Web application security
- WebCruiser : Scans for SQLi and XSS
- Nikto : Web server scanner
- w3af : Web vulnerabilities scanner
- Vega : Web vulnerabilities scanner
PS: Almost all of those tools are included with penetration testing operating systems.
Here are some queries to inject SQLi:
- group_concat(table_name) : Get all tables of the database
- group_concat(column_name) : Get all columns from the database
- (SELECT column FROM table) : Show a column from an existing table; used for numeric SQLi
- order+by+number : Get the number of columns
- union+select+number : Get the infected column number
To make it easy, our team has developed a simple Python script to inject SQL injection using some queries. You can download it here:
Download this tool from here
Here are some tutorials about injecting SQLi:
- Hack websites using Havij : YouTube video
- Hack websites using sqlmap : YouTube video
- Hack a website manually : YouTube video
Good Bye