Saturday 8 March 2014

Find Vulnerable Website Using SQL Poizon

06:22    



What is SQL Injection?
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.
OR
SQL injection is one of the popular web application hacking method.  Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from the database.

What a hacker can do with SQL Injection attack?
  • Bypassing Logins,
  • Accessing secret data,
  • Modifying contents of website,
  • Shutting down the My SQL server.

How to Hack Website with SQL Injection:


Example picture for understanding the SQL Injection Attack
As we had discussed about How to Hack Website Using Havij SQL Injection in my previous article. Today i am writing article on How to find a vulnerable Website using SQL Poizon.

Firstly download the SQL Poizon from here. Open up the program and you will get the below shown window.


You will have to select a dork. I am using a PHP dork in this example, its your choice to select your desired dork, Press on Scan button, after scanning it will show the results in the Result Pane.


Now you want to send SQLi Crawler to the results. You can do this by right-clicking in the Results Pane and select “Send to Sqli Crawler -> All


The Sqli Cralwer tab will open and all you have to do is press Crawl and it will check if the website is really vulnerable to SQL Injection.


After pressing the Crawl button and you will see the result of the vulnerable sites below;


Now you can press Export Results to place them so use can use them later.

Now on, after finding the vulnerable links on the sites, if you want to proceed on and want to hack the site, then you can continue from Hack Website Using SQL Injection Attack with Havij from step number 4.

Note:Do Not Use Any Tutorial Of This Blog To Harm Anyone.This Is Only For Educational Purpose.


Full Version