Friday, 15 November 2013

SQL Injecting In A Website Using Sqlmap In Post Parameter's

Hello Friends :D

Its been a long time since I post :P so here come's a new tut :D
Well We have seen many Injectors whom are hacking websites/servers using a Technique Called SQLi ( Structured Query Language Injection ) manually or by the help of some tools :D
so I thought to make a TUT on How to Inject A Website with Sqlmap Onto A "POST" Parameter :P
Yup not in GET parameter :D
so Let's Start :D

Requirements :

1) FIREFOX
3) BASIC KNOWLEDGE OF SQLi

First of all Find a target which is using a VULNERABLE form so that we can Inject it with the help of SQL map :D so in my Case I have my one :P


Now let's check whether our web based form is vulnerable to SQLi or not? Open your firefox Browser and press F9 key to enable the hackbar and also enable post data like this :



After doing that post something in the Roll Number field to get the POST Parameters well I have a Valid Roll Number (111111) Of A Student xD so lets post it and check what we got and afte clicking the submit Button load the url Again with the help of Hackbar so that It will show you the POST parameters like this :D


Good Going Now lets add a Single Quote ( ' ) in post parameter field which is "rollno=111111" lets seee what we get :?


So its Vulnerable :D now let's do some SQLmap Kung FU :D open up your Sqlmap and use this command :D

python sqlmap.py -u "http://delhiboard.org/10thresult.do" --data "rollno=111111&s_result=Submit" --dbs

SQLmap will directly start to Inject the post parameter which you have provided :D


Voila We have the DB's :D so now inject the website with the default commands ;) hopes you like my simple tut if you are facing any problem or want any sorf of help regarding TUT just drop a comment below hopes you like it :)

WELLLL WAIIT 1 MORE THING "YOU CAN INJECT THE WEBSITE MANUALLY ASWELL xD" 

Babye

3 comments :