SQL Injection Using Havij - Full Tutorial

Last time I discussed the latest release of Havij. See it here.

In this tutorial we will discuss the automated SQL Injection technique of Havij that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

We will use google dorks to find the vulnerable websites, there is a big list of google dorks which I will post in my future posts but at this time we will only use the following:

Code:

nurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

Just search google using one of the dork and you will see a lot of vulnerable websites.

Open any one of the website than put ‘ after the link look:

If you get the following SQL error, that means the website is vulnerable to SQL-injection attack.



Now here i found a vulernable site - [You must be registered and logged in to see this link.]

Now Let's start

Open havij and copy and paste infected link as shown in figure.


Now click on the "Analyze" button.


Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.

Then after get it's database is name like xxxx_xxxx

Then Move to another operation to find tables by clicking "tables" as figure shown.
Now click "Get tables" Then wait for sometime if needed.


After founded the tables, you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure.



In that Just put mark username and password and click "Get data"


Bingo Got id and pass that might be Admin.

The pass will get as md5 you can crack it also using this tool as shown in figure...


I hope this will prove to be useful.

Feel free to ask your queries regarding Havij.

Great Thread !!

Thanks but I have to ask a question that how to find vulnerability in any site....I mean there are Millions of sites out thr...so finding few vulnerable sites is not a big deal ryt....But how to find vulnerabilities on a particular site ???

and how to get the login page for this usernames and password cause the s/w is aint able to find the admin page !!!

and one more thing this sqlI attacks these are attacks based for sites with items or elements categorized right ?? How to attack on some normal site with just a Login Page(Exactly I am asking about Input Validation attacks and getting into sites,"normal sites"). e.g : 122.160.168.146/websimums(I just fun googling with IP adds and found this one) Now I wish to ask how to get into some sites like this ???

For finding vulnerability in a particular site, proves to be the best tool once again.

Suppose that we have a website [You must be registered and logged in to see this link.] which is likely to contain SQL errors on its pages.

In order to find such errors we can use page finder Google dorks in different ways.

For example:

Code:

site:[You must be registered and logged in to see this link.] intext:"Warning: mysql_fetch_array()

Such dorks will show you the exact page in the site which contains vulnerability.

Now, as there are many types of vulnerabilities, you cannot be sure that which dork is gonna work for a particular site.
But if you have a good understanding of SQL queries, you can do that easily.

Here are some common dorks to find errors on pages:

Code:

intext:"Warning: mysql_fetch_array()

intext:"Warning: getimagesize()

intext:"Warning: session_start()

intext:"Warning: mysql_num_rows()

intext:"Warning: mysql_query()

intext:"Warning: array_merge()

intext:"Warning: preg_match()

intext:"Warning: ilesize()

intext:"Warning: filesize()

intext:"Warning: mysql_fetch_assoc()

intext:"Warning: is_writable()

intext:"Warning: Unknown()

intext:"Warning: mysql_result()

intext:"Warning: pg_exec()

intext:"Warning: require()

I hope this was helpful.

Feel free to ask if the doubts persist.

Okay thanks i got you ........but what if the vulnerability is ain't a sql type ?? I mean if the vulnerability is to be tested for a web application wch is the only service running on that ip then how to scan that for any kind of vulnerability and all ....

One more thing apart from sql vulnerability what can be the other type of vulnerability most likely to be found or to be searched for in a site ???

in advance and for the previous one too........ :)

For that I will post an article about Vulnerabillity Assesment Tools soon.

Found everything ...


Username - hypetrading
Password - putanginamo

but can't find admin page... :(

bro waiting for the Vulnerability Assessment Tools post

arush.sal wrote:

bro waiting for the Vulnerability Assessment Tools post

Thread posted. Check it out here.

Feel free to ask if doubts persist.

Hello sir, I've tried these and I've found error on a wevsite but when I use the havji it always shows these error
MySQL error based injection method cant be used!
MsSQL time based injection method can't be used
MySQL time based injection method can't be used
It seems that input parameter is not effective! Check the following:
Are you sure input parameter really exist?!
Are you sure the input value '3' is valid?
Are you sure the 'GET' method is correct?
Hope I can try atleast one. Thanks

puto wrote:

Hello sir, I've tried these and I've found error on a wevsite but when I use the havji it always shows these error
MySQL error based injection method cant be used!
MsSQL time based injection method can't be used
MySQL time based injection method can't be used
It seems that input parameter is not effective! Check the following:
Are you sure input parameter really exist?!
Are you sure the input value '3' is valid?
Are you sure the 'GET' method is correct?
Hope I can try atleast one. Thanks

hi this mean u r not able to get database or hack that database.

thanks for this tut but how do you do strongbox sites and ocr