Steps To Perform SQL Injection Using Havij Pro SQL Injection Software
Step 1 – Run Havij.exe The software will open a window for you. At ‘Target’ field enter your SQL vulnerable URL – http://www.radiomiriam.com.br/noticia.php?id=5084
Step 2 – Hit ‘Analyze’ button here.
Havij will start SQL injection to the target URL you have provided.
Havij analyzing Target Site
It perform queries to analyze IP, web server, PHP version, Database MySQL version. Then, using Insertion type (‘) string, it proceeds to find column count, column string, finally Database name. ( Check LOG window)
After it finds out Database name, Status becomes Idle saying “I’m IDLE”.
Step 3 – Now, from above, go to Tables >> Get Tables. Make sure, the database is selected in the respective screen.
Havij Pro will fetch all the tables for the selected Database.
Step 4 – Tick the table which you finds important regarding your aim and click Get Columns button. For example, here, I want to know username, password and email ID of this site. So, I have to tick ‘admin‘ and ’emails’ table and then click ‘Get Column‘ button.
This step reveals all the columns in selected table.
Step 5 – Finally, select important columns of a table (for ex., admin) and click “Get Data” button.
In my case, admin table has columns – id, nome (name), email, senha (password), and nivel (level). (Website is Spanish) As all these columns’ details are important to me so, I selected them all and clicked “Get Data” button.
Username Password Hacked Using Havij Pro
Hence, you can see the result that name, email, password, user ID everything is revealed. Havij Pro have SQL Injected the website and if a hacker want, he can just go ahead using these important confidential information to hack a website.