SIMPLE Exploiting of MySQL PHP site using Kali (For Beginner)
Hey guys so here is a simple beginner's tutorial on exploiting a website.
First of all you want to find a website that has the ending URL of ID=1,
next test if the server is exploitable by adding a ' at the end of the URL to see if an error occurs.
If there is a error, it means that the website that you have is vulnerable to the exploit.
Next, you want to open up Kali Linux and get your terminal open.
Type in the terminal the following:
Code:
sqlmap -u "YOUR URL" --dbs
With that done, you will see the DBs that are available for the website.
Most of the servers default will have a database which named like "DB10284214" or something along the line.
Now in order to view the tables in the Database you will need to type the following
Code:
sqlmap -u "YOUR URL" -D "DATABASE NAME" --tables
Once you have typed that, it will show a list of tables IN the database that you enter. Now proceed on with getting the columns of the table by doing so.
Code:
sqlmap -u "YOUR URL" -D "DATABASE NAME" -T "TABLE NAME" --columns
Now you can see the columns inside. Most of the time if you do it correctly and if the server admin is lazy, you should get the same result as me. I would normally get into the database which shows the Username and password. Now enter the following code to retrieve the actual username DATA from the columns.
0 Comments:
Post a Comment