According to a survey the most common technique of hacking awebsite is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a webite, because of these tools websites have became more vulnerable to these types of attacks.
One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.
Supported Databases With Havij
Demonstration
Now i will Show you step by step the process of SQL injection.
Step1: Find SQL injection Vulnerability in tour site and insert the string (likehttp://www.target.com/index.asp?id=123) of it in Havij as show below.
Step3: Now click on the Analyse button as shown below.
Now if the your Server is Vulnerable the information about the target will appear and the columnswill appear like shown in picture below:
Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:
Step5: Now select the Tables with sensitive information and click Get Columns button.After that select the Username and Password Column to get the Username and Password and click on the Get Table button.
Countermeasures:
Here are some of the countermeasures you can take to reduce the risk of SQL Injection
1.Renaming the admin page will make it difficult for a hacker to locate it
3.Use a Intrusion detection system and compose the signatures for popular SQL injection strings
4. One of the best method to protect your website against SQL Injection attacks is to disallow special characters in the admin form, though this will make your passwords more vulnerable to bruteforce attacks but you can implement a capcha to prevent these types of attack.
One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.
Warning - This article is only for education purposes, By reading this article you agree that HWA is not responsible in any way for any kind of damage caused by the information provided in this article.
Supported Databases With Havij
- MsSQL 2000/2005 with error.
- MsSQL 2000/2005 no error union based
- MySQL union based
- MySQL Blind
- MySQL error based
- MySQL time based
- Oracle union based
- MsAccess union based
- Sybase (ASE)
Demonstration
Now i will Show you step by step the process of SQL injection.
Step1: Find SQL injection Vulnerability in tour site and insert the string (likehttp://www.target.com/index.asp?id=123) of it in Havij as show below.
Step3: Now click on the Analyse button as shown below.
Now if the your Server is Vulnerable the information about the target will appear and the columnswill appear like shown in picture below:
Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:
Step5: Now select the Tables with sensitive information and click Get Columns button.After that select the Username and Password Column to get the Username and Password and click on the Get Table button.
Countermeasures:
Here are some of the countermeasures you can take to reduce the risk of SQL Injection
1.Renaming the admin page will make it difficult for a hacker to locate it
3.Use a Intrusion detection system and compose the signatures for popular SQL injection strings
4. One of the best method to protect your website against SQL Injection attacks is to disallow special characters in the admin form, though this will make your passwords more vulnerable to bruteforce attacks but you can implement a capcha to prevent these types of attack.
1 comments:
CLASSIC CYBER NOTCH
How well are you prepared for a Cyber incident or Breach?, Is your Data safe?
Strengthen your Cybersecurity stance by contacting CLASSIC CYBER NOTCH @ GMAIL DOT COM for a Perfect, Unique, Classic and Professional Job in Securing your Network against all sort of breaches and from scammers as well.
For we are Specially equipped with the Best hands to getting your Cyber Hack needs met as your jobs will be handled with utmost professionalism.
We do All type of cyber Jobs such as:
☑ TRACKING of GPS location, cars, Computers, Phones (Apple, windows and Android), e.t.c.
We also Track
E-MAIL account,(G-mail, Yahoo mail, AOL, Proton mail, etc.)
SOCIAL MEDIA account, (Facebook, Twitter, Skype, Whatsapp, e.t.c.)
☑ RECOVERY of Passwords for E-mail address, Phones, Computers, Social media Accounts, Documents e.t.c
☑ INSTALLATION of Spy ware so as to spy into someone else's computer, phone or E-mail address and also Installation of Spy ware software on your individual O.S to know if your Gadget is being hacked into..
We also Create and Install VIRUS into any desired computer gadget.
☑ CRACKING Websites, any desired gadget it computers or phones, CCTV Survelance camera, Data base (of both Private and Govt organization, such as Schools, Hospitals, Court houses, The FBI, NSA) e.t.c....
NOTE:
Other Jobs we do are:
☑ We provide Private Investigator service
☑ Clearing Criminal records of diverse type
☑ Binary Options fraud Recovery
☑ Bitcoin Mining
☑ Issuing of Blank ATM cards
☑ And many more... etc.
We assure you that your Job will be attended to with care and efficiency as it will be handled by the Best professional hands in Cyber literacy.
We also have a forum where you can get yourself equipped with Advanced hacking Knowledge..
CLASSIC CYBER NOTCH gives you the Best service in the Hacking world.
Be sure to 📱 💻 us @
Classic cyber notch at gmail dot com
any time, any day to get the Best Professional hands involved in putting a smile on your face.
We're Classic Notch
Signed,
Collins .A.
Post a Comment