Hi, this is me, sorry for being absent for a couple of months due to campus assignments and so on :D.
Well, this time I'd like to share with you one of my favorite tools on Backtrack. Have you ever heard about SQL injection? I believe most of us are familiar with that kind of attack. Let me give you a little explanation.
SQL injection is a method used to penetrate the database behind a web application. It works whenever the application pastes something you typed (the id in page.php?id=1, for example) straight into a SQL query without escaping or binding it, so whatever you put there becomes part of the query. This attack is also known as the "cheapest" way to hack. Why? Because all you need is a web browser. Cool, no? Yep, just a web browser combined with your knowledge of SQL commands, and you could own a website.
SQL injection also gives you a chance to dump the whole database on the web server. Next question is, HOW CAN I DO THAT?
Okay, here is the way. In Backtrack sqlmap is installed as a default tool. Open your terminal or browse to it in the main menu.
After that, you can find sqlmap (highlighted in green). It is a Python script, usually under /pentest/database/sqlmap on Backtrack, so cd there and type this syntax:
./sqlmap.py -u "<your target url>" --dbs --tables --threads <number of threads, 1 to 10> --level <test intensity, 1 to 5>
--dbs lists the databases on the back end and --tables lists the tables in them. Put the URL in quotes so the shell does not swallow the ? and & characters. Higher --level values try more injection points (cookies, User-Agent and so on) and more payloads, so the scan gets slower but catches more.
If you are sure your target uses MySQL as the database back end, add --dbms=MySQL to the command line. It does not replace --dbs: it tells sqlmap to skip fingerprinting the database type and go straight to the MySQL-specific tests, which saves a lot of requests.
And here is the dork I used to find a target: search Google for allinurl:page.php?id=
then put your target URL into sqlmap :)
Regards,
Ozy