Well, this time i'd like to share to you about one of my favorite tools on Backtrack. have you ever heard about sql injection?. I believe almost of us familiar with that kind of attack. Let me give you little explanation.
Sql injection is a method which used to penetrate the database on the web server. This attack also known as "cheapest" way to hack. Why?, because all you need is a web browser. Cool nah?. Yep, just a web browser and combine with your knowledge about sql command and you could own a website.
SQL injection also give you a chance to dump whole database on the web server. Next question is, HOW CAN I DO THAT?
Okay, here is the way. In Backtrack sqlmap is installed as a default tools. Open your terminal or browse it on the main menu.
After that, you can find the sqlmap ( highlighted with green color ). Type this syntax
./sqlmap -u <your target url> --dbs --table --threads < number of threads you want to use> --level < number of intense level>
If you sure your target is using MySQL as database back end, then change --dbs to --dbms=MySQL
And here is the dork i used to find a target, search in google and type allinurl:page.php?id=
then put your target url in sqlmap :)
Regards,
Ozy
