Sunday, February 13, 2011
Anu
Download Havij v1.14
1.First Find a sqli infected site
2-Open havij and copy and paste infected link as shown in figure
3. Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name like xxxx_xxxx
![[Image: thirdk.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tQ4fgSQPT3B40dIV__DuF3w9KYLAPva6MLa63DTddSxxNzx0LdW4LH_JbJ2gwNK71KBkuxNFd-FFlr3U40PNDat_9iohLr7kTtm2BjvEc=s0-d)
4.Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed
![[Image: 37846594.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u21uzOZiVjOl-xVt-4w7d0TCdGg5L5mPSWyeTi_2eGbwIpJvOq09pBSva75DwqWXW8nk8b2D88tAmUCM6762URx8I3jkAGZ5EMzNCDsX_spBM=s0-d)
5. After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure
![[Image: 4tgh.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uU1DQZrjvr6dvcQfrw1qC4iUjHGIiKmaG1jEGg8scT9SPOYK2EDWLOC8EkEYxseNZ2uQc7KR5XB_YxQtFmn97ByTE9sLK9Gex8vS2-EpY=s0-d)
6. In that Just put mark username and password and click "Get data"
![[Image: 5tht.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sqeoijIgXK6pc0MP2AR-VGRWJhSjI4GAgPy-9yVFtnQ2jj1_G7ZuggtEtFA8EcJAKcEH4KF2sQohyQ4uAoQuTKhe1RePRbwdvqR6XVBQ=s0-d)
8. Bingo Got now id and pass that may be admin...
The pass will get as md5 you can crack it also using this tool as shown in figure..
![[Image: srfile201088142733796.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t3uw5tT2iedgDqod3RfmJokBGZY_mvXvuqrOsgbC1e6ALSJ9wsNLl1BMRg122U3_7vgXM3NPOSevt4ga7tkHj8zKKPvPpzQdTgTccsbogv-2N_wMkhv1ajWJU-EL-S=s0-d)
*************************************************************************
HOW TO FInD SQL VU SITES
GO HERE
Quote:http://lnk.co/GP51L
THE GREEN COLLOUR MEAN there is SQL Injection Vulnerability
like this in the pic
![[Image: 580714054.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tyR8VjMGSN3__D0b9tndWuNp85dQO8MSNxTZ5utLS2DtgN5hhnm2bQhG63k-dkvBOnDM4LLsiYF4P-Pc-kRIz6KgHCnPIavgiWk2ifBuicixBCsKA=s0-d)
SQL Dorks
Quote:Aqui les dejo unas cuantas Dorks para buscar webs vulnerables:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:lay_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:ageid=
inurl:games.php?id=
inurl:age.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:rtray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurlinions.php?id=
inurl:spr.php?id=
inurl:ages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:articipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:rod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:erson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:rofile_view.php?id=
inurl:category.php?id=
inurl:ublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:rod_info.php?id=
inurl:shop.php?do=part&id=
inurl:roductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:roduit.php?id=
inurlp.php?id=
inurl:shopping.php?id=
inurl:roductdetail.php?id=
inurlst.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:age.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:roduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:ffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
Posted in
