Learn and get information about new technologies and what happening around the world. here you can also know how to get rid of problems and error having in video games and application. browse here and find how to make sure that you are secure from being hacked and learn how hackers hack your data and how can you save your self from being hacked.
Sunday, 29 May 2016
Exploit SQL Injection Using Sqlmap in kali linux
SQL injection : it is an attack that exploits non-parametrized SQL queries in a database , so that the attacker can insert their own queries.
Sqlmap : This is a very powerful penetration test tool (open source) , it automates the discovery and exploitation of vulnerabilities to SQL injection attacks. It has many functions , and included features such as detecting DBMS, databases, tables , columns, retrieve data and even take control of a database.
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
The following tutorial was made with a linux system ( kali linux ).
First we need a target to do this ,
go to your test website in this example we have used a PHP one, we then navigate between pages, when you see ” php? Id ” in the address bar , copy the address.
open your terminal and type this :
sqlmap –u www.site.com/product.php?catid=5 – -dbs
when sqlmap is done, it will tell you the Mysql version and some other information about the database.
At the end of the process , it will show you databases that it has found.
to see tables that are located at the database we gonna type :