Saturday, April 13, 2013

SQL Injection using Havij

1. Find your target using Google Dorks. Here's the full Google Dorks list:




2. Pick one of your preferred Google Dorks and start searching, with 'inurl:' at the beginning of each query.


Example:


inurl:read.php?id=


You can combine it like this to search a specific domain:


inurl:prod_detail.php?id= site:.mn




3. Pick your lucky victim by clicking their link.


4. Test whether your victim is vulnerable to SQL injection by putting a quote character (') at the end of the URL.


Example:


http://yourtarget.com/read.php?id=359237'  <-----  see this ' char? put that at the end of url line


5. If your victim is vulnerable to SQL injection, it will show output like this:


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/ctrekker/www/whattowcar/read.inc on line 40


or:


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/web182/html/verticalinfo/en/read.php on line 38


6. Open your Havij app.


7. Enter your target URL:


Example:


http://yourtarget.com/read.php?id=359237   <---- this time without ' character


8. Click Analyze and wait.


9. Once done, click "Get DBs".


10. Click "Tables".


11. or… just feel free to have some fun…. >;)
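
Why the stray quote in step 4 produces the warning in step 5, and how a request handler avoids both the injection and the error leak, shown as an added example that is not code from the original post. It uses Python's sqlite3 as a stand-in for the PHP/MySQL page; the table, the sample row and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's article table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (359237, 'Sample article')")
    return db

def read_vulnerable(db, raw_id):
    # The flaw: the id parameter is pasted into the SQL text, so a trailing
    # quote breaks the statement and the driver's error reaches the page.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return 500, "Warning: " + str(exc)  # error detail leaked to the client
    return (200, row[0]) if row else (404, "Not found")

def read_hardened(db, raw_id):
    # 1) Validate: the id must be a short, plain decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return 400, "Bad request"
    # 2) Bind the value as data; the SQL text never changes with the input.
    try:
        row = db.execute(
            "SELECT title FROM articles WHERE id = ?", (int(raw_id),)
        ).fetchone()
    except sqlite3.Error:
        # 3) Generic response; details belong in the server-side log only.
        return 500, "Internal error"
    return (200, row[0]) if row else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    for raw in ("359237", "359237'"):
        print(repr(raw), "vulnerable:", read_vulnerable(db, raw))
        print(repr(raw), "hardened:  ", read_hardened(db, raw))
```

With the hardened handler, the quoted URL gets the same generic 400 as any other malformed id, so the response no longer reveals whether input reaches the SQL parser.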
