SQL INJECTION / Using tool / Example
What is SQL injection?
SQL stands for Structured Query Language. SQL is used to design databases, and information is stored in those databases. SQL injection is a vulnerability in the database layer of an application that allows an attacker to see the contents stored in the database. This vulnerability occurs when the user's input is not filtered or is improperly filtered.
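The unfiltered-input problem described above, shown as an added example that is not part of the original post: a Python/sqlite3 sketch that contrasts building the query by string concatenation with validating the id and binding it as a parameter. The table, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for a site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(5, "Welcome"), (6, "Release notes")])
    return db


def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so a stray quote changes the statement the database has to parse.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Returning the database error to the client is itself a leak.
        return "SQL error: " + str(exc)


def lookup_parameterized(db, raw_id):
    # Hardened pattern: reject anything that is not a plain ASCII integer,
    # then bind the value so it can never be parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    sql = "SELECT title FROM articles WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]


if __name__ == "__main__":
    db = make_db()
    for value in ("5", "5'"):  # a normal id, and the same id with a quote
        print(repr(value), "concatenated ->", lookup_concatenated(db, value))
        print(repr(value), "parameterized ->", lookup_parameterized(db, value))
```

With concatenation, the quoted value produces a database error because the input reached the SQL parser; with validation and binding, it is treated as an invalid id and returns no rows.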
The main goal of the attacker is to access the information stored in the website's database. This can be done manually. In this tutorial, I use a tool to do the same thing more easily.
Download the tool from:-
http://www.ziddu.com/download/14801015/SQLIHelperV.2.72.rar.html
Steps of attack :-
Vulnerable Website > Database > Tables > Columns > Data
Search for any vulnerable website using Google Dorks.
Example...
http://www.website./......../............../........php?id=5.
http://www.website./......../............../........php?id=5'
Step 1: Run the tool; there is no need for any installation. Input the vulnerable URL and click on "Inject".
Step 2: After processing is done, click on "Get Database". It will then show the databases.
Step 4: Select any table and click on "Get Columns"...
Step 5: Select the column and click on "Dump Now". A new pop-up window will open showing you the data stored in it.