Naylor

SQL injection with Sqlmap


The method of SQL injection with sqlmap is the most used, simply because sqlmap (or Havij) is easy to use.

(and the manual way is really long)

This tutorial is not for high-level SQL injection; it's mostly to understand.

What is a SQL injection?

SQL is the language used to manage and create the database of the website, so a SQL injection is an injection of code in order to enter the database and take the information of the admin account (or just take the emails of users).

In this topic I'm gonna go into detail, so if you want to learn more:

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

How to find a vulnerable site?

So the vulnerability can be found in the id argument of the URL, in this form: .php?id=

You can use dorks or just write .php?id= in the Google search engine and scroll a lot.

To automate this task you can use SQLI hunter (with dorks):

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

If, when you add ' at the end of the URL, there is an error where it's written (or something similar):

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

 

How to exploit the vulnerability?

I will use Pentest-box (with sqlmap included):

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

So once you find the website (or training website),

launch a terminal and enter

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

It will test the connection to the target and test some SQL injections.

Then write:

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

to show the databases present.

To select one DB and show the tables:

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

And to select one table and show the columns, write:

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

So the next stage is to show what's in the columns (user or mail etc.).

To do that we are gonna dump the DB, and to do that write:

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

As you can see, you can select many objects by separating them with a comma.

So now you have the tables either in clear or in hashes, and in this case you have to decrypt the data (and that's not the subject of the topic).

And with SQLI hunter and Havij you can find the admin panel automatically, or manually try a lot of URLs (but the SQLI hunter and Havij way is more optimized).

Then connect and do whatever you want to do.

Leave a like.

Here are some vulnerable websites:

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

Hidden Content

    Give reaction or reply to this topic to see the hidden content.

Edited by Naylor
  • Like 3
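
Seen from the application's side, the `.php?id=` error test described in the post comes down to the following, shown as an added example that is not part of the original post. It uses Python with an in-memory SQLite database in place of the site's PHP and database; the `articles` table and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Rules")])
    return db

def lookup_vulnerable(db, raw_id):
    # The value of ?id= is pasted into the SQL text, so every character in it
    # becomes part of the statement the database parses.
    query = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        return ("ok", db.execute(query).fetchall())
    except sqlite3.Error as exc:
        # Sending this message back to the browser produces the kind of
        # error page the post uses as its sign of a vulnerable parameter.
        return ("sql-error", str(exc))

def lookup_hardened(db, raw_id):
    # 1) Validate: an id is a decimal integer and nothing else.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return ("rejected", [])
    # 2) Bind: the value is passed separately from the SQL text, so it can
    #    never be parsed as SQL, whatever it contains.
    rows = db.execute("SELECT title FROM articles WHERE id = ?",
                      (int(raw_id),)).fetchall()
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "1'"):
        print(repr(raw), lookup_vulnerable(db, raw), lookup_hardened(db, raw))
```

The trailing quote only breaks the first function because that is the only place where request data and SQL text share one string; the fix is the bound parameter, with the integer check as a second layer.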
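
For whoever runs the site, the probing described in the post leaves traces in the web server's access log. This added example (not part of the original post) flags them in constructed sample lines; the log format, paths, addresses and function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; the addresses come from
# the ranges reserved for documentation.
SAMPLE_LOG = '''\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /article.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /article.php?id=3%27 HTTP/1.1" 500 87 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:06 +0000] "GET /article.php?id=3 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def findings(log_text):
    """Return (client_ip, [reasons]) for every request that looks like a probe."""
    out = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, _method, target, status, agent = m.groups()
        reasons = []
        # The User-Agent is client-controlled: a hit is a strong signal,
        # but its absence proves nothing.
        if "sqlmap" in agent.lower():
            reasons.append("sqlmap user-agent")
        # parse_qs percent-decodes, so %27 is seen as the quote it encodes.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get("id", []):
            if not (value.isascii() and value.isdigit()):
                reasons.append("non-numeric id")
                if status.startswith("5"):
                    reasons.append("server error on probe")
        if reasons:
            out.append((ip, reasons))
    return out

def noisy_clients(log_text):
    # Number of flagged requests per client address.
    return Counter(ip for ip, _ in findings(log_text))

if __name__ == "__main__":
    print(findings(SAMPLE_LOG))
```

A non-numeric `id` answered with a 5xx status is the server-side view of the error page the post looks for, so that pairing deserves an alert of its own.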
