
Tuesday, September 25, 2012

Check SQL Injection in Best 3 Steps

This is my post at hackers club friends, and I am very glad and happy to write it. I have heard lots of people nowadays ask how to check for SQL injection. I hope you will really enjoy it.
So today I'm learning SQL injection (SQLi) in depth, so I will try teaching you guys a little of that as well. SQLi is the most popular attack on any website these days. There has been an enormous increase in SQL programmers and websites, and the biggest problem with SQL is "either you're perfect or you're hacked". Due to poor coding, programmers often leave vulnerabilities in their sites, and as hackers it's our job to inform them and patch them up. So let's see

How to check if a site is vulnerable to SQLi




Since this is still the basics, there is not much to do. All you have to do is:


1. Get a site which uses SQL queries. For your convenience, in simpler terms, it is any site which has a URL like "www.site.com/something.php?ex=43". You must have seen tons of such sites. Note: NOT all sites which have "=" use SQL queries; a site might also use the PHP GET/POST method.

2. Once you have a site like that, just insert an inverted comma (') like this: "www.site.com/something.php?ex=43'".

3. If the site is vulnerable to SQLi, it will return an error. You might get an error like this: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND single_group = "S"' at line 1"

This error need not always be the same; as long as you get an error, you can tell that the site is vulnerable to SQLi, and it's up to you to become a hero and report it to the site admin.
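Why the quote in step 2 produces the error in step 3, and what removes it, shown as an added example that is not part of the original post. It uses Python's sqlite3 with a constructed in-memory table in place of the PHP/MySQL site; the table, column and function names are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, single_group TEXT)")
    db.execute("INSERT INTO items VALUES (43, 'widget', 'S')")
    return db

def lookup_vulnerable(db, ex):
    """Concatenates the 'ex' parameter into the SQL text and echoes driver errors."""
    sql = "SELECT name FROM items WHERE id = " + ex + " AND single_group = 'S'"
    try:
        row = db.execute(sql).fetchone()
        return 200, (row[0] if row else "not found")
    except sqlite3.Error as exc:
        # The stray quote unbalances the statement; returning the driver
        # message to the client is what makes the quote test conclusive.
        return 500, "SQL error: %s" % exc

def lookup_hardened(db, ex):
    """Validates the parameter, binds it as data, and never echoes driver errors."""
    if not re.fullmatch(r"[0-9]{1,9}", ex):
        return 400, "bad request"
    try:
        # The placeholder keeps the value out of the SQL text entirely.
        row = db.execute(
            "SELECT name FROM items WHERE id = ? AND single_group = 'S'",
            (int(ex),),
        ).fetchone()
        return 200, (row[0] if row else "not found")
    except sqlite3.Error:
        return 500, "internal error"

if __name__ == "__main__":
    db = make_db()
    for value in ("43", "43'"):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

Input validation alone is not the fix here: the bound parameter is what keeps the value from being parsed as SQL, and the generic error message keeps query details out of responses.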

Best of luck

Wednesday, October 26, 2011

Download Havij 1.1.5



Havij is one of the best tools for SQL injection and is used by most people to hack website databases. It is a nice automated tool which takes the URL and gives you the complete database of the website.


The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.


What's new in this version

  1. Webknight WAF bypass added.
  2. Bypassing mod_security made better
  3. Unicode support added
  4. A new method for tables/columns extraction in mssql
  5. Continuing previous tables/columns extraction made available
  6. Custom replacement added to the settings
  7. Default injection value added to the settings (when using %Inject_Here%)
  8. Table and column prefix added for blind injections
  9. Custom table and column list added.
  10. Custom time out added.
  11. A new md5 cracker site added
  12. bugfix: a bug relating to SELECT command
  13. bugfix: finding string column
  14. bugfix: getting multi column data in mssql
  15. bugfix: finding mysql column count
  16. bugfix: wrong syntax in injection string type in MsAccess
  17. bugfix: false positive results were removed
  18. bugfix: data extraction in url-encoded pages
  19. bugfix: loading saved projects
  20. bugfix: some errors in data extraction in mssql fixed.
  21. bugfix: a bug in MsAccess when guessing tables and columns
  22. bugfix: a bug when using proxy
  23. bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
  24. bugfix: false positive in finding columns count
  25. bugfix: when mssql error based method failed
  26. bugfix: a bug in saving data
  27. bugfix: Oracle and PostgreSQL detection



Download Here:
http://www.filesonic.in/file/1898685311/Havij_1.15_Pro-By.ICF.rar