Hack Database Through Web Browser
SQL Injection Attack I
In an SQL injection attack, the attacker inserts malicious SQL statements to control the database of a web application.
Sample website – testphp.vulnweb.com
Step 1 – Get a link in the web application
Step 2 – Check for an error message
In the above figure, we can see that the server is returning an SQL error message. This indicates that the website is vulnerable to SQL injection.
Step 3 – Get information about the number of columns in the web application
Using 1, 2 and 3 we get the webpage, but on 4 it changes. This means that there are 3 columns.
Step 4 – Get information about the tables in the database
Step 5 – Get information about the columns in the users table
We found the table names in the previous step. Now pick one table – user – from it and find its columns.
Step 6 – Get the username and password from the uname and pass columns
We found the column names in the previous step. Now pick the columns and find the data inside them.
Find Username –
Find Password –
Step 7 – Now log in to the website as admin
Open the http://testphp.vulnweb.com/login.php page and type username – test and password – test
You can see in the above figure that we have successfully logged in as admin using an SQL injection attack.
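The SQL error seen in Step 2, viewed from the defending side, as an added example that is not part of the original page: a query built by string concatenation beside one that validates and binds the value. The items table, its rows and the function names are constructed for illustration, and SQLite stands in for the site's database.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data: table, columns and rows are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "poster"), (2, "print"), (3, "frame")])
    return db


def lookup_concat(db, raw_id):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    try:
        rows = db.execute(
            "SELECT title FROM items WHERE id = " + raw_id).fetchall()
        return ("ok", [r[0] for r in rows])
    except sqlite3.Error as exc:
        # Returning the driver's message to the client is the Step 2 symptom.
        return ("sql-error", str(exc))


def lookup_bound(db, raw_id):
    """Hardened pattern: validate the type, bind the value, hide DB errors."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return ("bad-request", [])
    try:
        rows = db.execute(
            "SELECT title FROM items WHERE id = ?", (int(raw_id),)).fetchall()
    except sqlite3.Error:
        return ("server-error", [])  # details belong in server-side logs only
    return ("ok", [r[0] for r in rows])


if __name__ == "__main__":
    db = make_db()
    for value in ["1", "1'"]:  # a normal id, then one with a stray quote
        print(repr(value), lookup_concat(db, value), lookup_bound(db, value))
```

With the bound version the stray quote never reaches the SQL parser, so there is no database error to show and nothing for the later steps to build on.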