In my previous article, I provided you 4500+ Google Dorks list which you can use to find sensitive details about websites using simple Google search. That Dorks list contains google dorks to detect vulnerable sites, servers, files/directories of a website containing sensitive data (for ex, database name, username/password, etc.) etc.
Consider this article as the extension of previous one towards the direction of hacking a website using SQL injection (SQLi). Here, we are first going to find SQL vulnerable websites using Google Dorks and then use that vulnerability to find confidential information like user info, billing info, credit card details, email address and even website’s username / password.
How To Find SQL Vulnerable Websites for SQL Injection (using Google Dorks)
Use any Google Dork which is focused on dynamic web files .php or .asp followed by parameter attributes like ?id=, ?category=, ?decl_id=, etc. Some examples of such Google Dorks are:
- inurl:php?id= <br/>
- inurl:product.php?mid=
- inurl:/articles.php?id=
- find more here
Let’s use inurl:php?id= <br/> Google dork. Put it in Google search bar and hit enter. Visit website URLs appearing in search results one by one.
Add (‘) or (‘=) without parenthesis at the end of each URL and visit the site. If this modification in URL redirects you to the homepage of website or shows any error statement like You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”5084”’ at line 1, consider the website SQL vulnerable.
The idea is to invalidate SQL query the website is performing while calling data for a specific URL. Apostrophe (‘) and Apostrophe followed by equal to symbol (‘=) are trying to invalidate SQL query of target URL.
In my quick search, I found radiomiriam.com.br SQL vulnerable at this URL – http://www.radiomiriam.com.br/noticia.php?id=5084 as, upon adding quote (‘) to the end of URL and then visiting the new URL prompted me this error screen:
You can see the same error screen or this error message at the top of target website’s webpage.
Now, we have found a SQL vulnerable URL of target website, our next step is to use this vulnerable URL to perform SQL injection on the website and fetch confidential data.
For doing this, either hard code knowledge over SQL commands is required or your need to use a software that can perform SQL Injection for you. There are lots of complex software available online which only PRO can handle. One software I found best for even noob to perform SQL Injection (SQLi) in vulnerable website is Havij. It’s very smart software which performs SQL Injection in SQL Vulnerable websites automatically. All you need to input is the SQL Vulnerable URL.
Doing SQL Injection (SQLi) using Havij Pro
To perform SQL Injection in target website, we are going to use Pro version of Havij SQL Injection Tool as in free version, we are going to miss some very essential features. Well, if you want you can do a quick search to download free version of Havij automatic SQL Injection software or just be smart and download Havij Pro free using below URL.
Havij Pro 1.15 Full Version Free Download Link (Mediafire Link)
To extract downloaded RAR file, use the password – havijpro
Steps To Perform SQL Injection Using Havij Pro SQL Injection Software
Step 1 – Run Havij.exe The software will open this window for you. At ‘Target’ field above enter your SQL vulnerable URL – http://www.radiomiriam.com.br/noticia.php?id=5084
Step 2 – Hit ‘Analyze’ button here.
Havij will start SQL injection to the target URL you have provided.
It perform queries to analyze IP, web server, PHP version, Database MySQL version. Then, using Insertion type (‘) string, it proceeds to find column count, column string, finally Database name. ( Check LOG window)
After it finds out Database name, Status becomes Idle saying “I’m IDLE”.
Step 3 – Now, from above, go to Tables >> Get Tables. Make sure, the database is selected in the respective screen.
Havij Pro will fetch all the tables for the selected Database.
Step 4 – Tick the table which you finds important regarding your aim and click Get Columns button. For example, here, I want to know username, password and email ID of this site. So, I have to tick ‘admin‘ and ’emails’ table and then click ‘Get Column‘ button.
This step reveals all the columns in selected table.
Step 5 – Finally, select important columns of a table (for ex., admin) and click “Get Data” button.
In my case, admin table has columns – id, nome (name), email, senha (password), and nivel (level). (Website is Spanish) As all these columns’ details are important to me so, I selected them all and clicked “Get Data” button.
Hence, you can see the result that name, email, password, user ID everything is revealed. Havij Pro have SQL Injected the website and if a hacker want, he can just go ahead using these important confidential information to hack a website.
Hacking a site through SQL Injection used to be very tricky and only highly experienced coders could perform this hacking but thanks to Havij, it can teach even a high school kid to hack a website.
If you have any problem in following the above procedure to hack a website through SQL Injection, please share it in comments below. Do you know any other powerful way of hacking? Let us know!