Monday 12 August 2013

Hack Websites Using Havij [SQL Injection Tutorial]

  As said in my previous post, I will now show you the SQL injection process step by step.



STEPS:

Step1: Find a SQL injection vulnerability in your site and insert its URL (like http://www.target.com/index.asp?id=123) into Havij as shown below.




Step2: Now click on the Analyse button as shown below.



If your server is vulnerable, information about the target will appear, along with the columns, as shown in the picture below:


Step3: Now click on the Tables button and then click the Get Tables button in the column below, as shown:


Step4: Now select the tables with sensitive information and click the Get Columns button. After that, select the Username and Password columns to get the username and password, and click on the Get Table button.





If you don't have Havij, then download it from the link below.


Download

Countermeasures: 

Here are some of the countermeasures you can take to reduce the risk of SQL injection:


  1. Renaming the admin page will make it difficult for a hacker to locate it.
  2. Use an intrusion detection system and compose signatures for popular SQL injection strings.
  3. One of the best methods to protect your website against SQL injection attacks is to disallow special characters in the admin form. This will make your passwords more vulnerable to brute-force attacks, but you can implement a CAPTCHA to prevent these types of attack.
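
Countermeasure 2 in practice, as an added example that is not part of the original post: a small Python scanner that applies signatures for common SQL injection strings to web access logs. The signature set, the log lines, and the rule that the `id` parameter must be an integer are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative signatures for common SQL injection strings (not exhaustive).
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "order-by-probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "tautology": re.compile(r"\b(?:or|and)\s+(\d+)\s*=\s*\1\b", re.I),
    "schema-enum": re.compile(r"\b(?:information_schema|sysobjects)\b", re.I),
    "sql-comment": re.compile(r"--|/\*"),
    "quote": re.compile(r"'"),
}
# Parameters the application expects to be integers (assumption for this example).
NUMERIC_PARAMS = {"id"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_url(url):
    """Return sorted signature names matched by any query parameter of url."""
    hits = set()
    # parse_qsl URL-decodes values, so %27 and + are seen as ' and space.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            hits.add("non-numeric-id")
        hits.update(sig for sig, rx in SIGNATURES.items() if rx.search(value))
    return sorted(hits)

def scan_log(lines):
    """Return {line_number: [signatures]} for log lines that trigger an alert."""
    alerts = {}
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (hits := scan_url(m.group(1))):
            alerts[n] = hits
    return alerts

# Constructed access-log lines (documentation IP addresses, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Aug/2013:10:01:22 +0000] "GET /index.asp?id=123 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Aug/2013:10:02:01 +0000] "GET /index.asp?id=123%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [12/Aug/2013:10:02:03 +0000] "GET /index.asp?id=123+order+by+5-- HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Aug/2013:10:02:04 +0000] "GET /index.asp?id=-1+UNION/**/ALL+SELECT+1,2,3 HTTP/1.1" 200 4988',
]

if __name__ == "__main__":
    for line_no, hits in scan_log(SAMPLE_LOG).items():
        print(f"line {line_no}: {', '.join(hits)}")
```

Signature matching only detects probing; it does not fix the vulnerable query behind the page.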

2 comments:

  1. Thanks bro ... but how to find vulnerable sites?

  2. You can do this either in BackTrack OS, or in Windows you can use vulnerability scanning tools. Search in Google, you'll find a lot of tutorials for this.


 
