SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
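The difference between splicing input into the statement text and binding it as a parameter, shown as an added example that is not part of the original post. It uses Python's sqlite3 in place of SQL Server so it runs offline; the table, function names and sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for SQL Server (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return db

def find_user_concatenated(db, name):
    # Pattern to flag in review: the input becomes part of the statement
    # text, so the SQL parser interprets whatever it contains.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def find_user_parameterized(db, name):
    # Hardened form: the statement text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name):
    # Run both lookups on a fresh database and return both results.
    db = make_db()
    try:
        concatenated = find_user_concatenated(db, name)
    except sqlite3.OperationalError as exc:
        # A legitimate value containing a quote breaks the statement,
        # which is often the first visible symptom of this flaw.
        concatenated = f"syntax error: {exc}"
    return concatenated, find_user_parameterized(db, name)

if __name__ == "__main__":
    # Constructed inputs: a plain name, a name with an apostrophe, and a
    # value whose quote changes the WHERE clause when concatenated.
    for value in ["bob", "o'brien", "nobody' OR '1'='1"]:
        print(repr(value), compare(value))
```

With the concatenated form, the apostrophe in a real name produces a syntax error and the third value returns every row; the parameterized form returns exactly the matching row or nothing.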
SQL injection can be performed manually or with automated tools. Automated tools are easy to use and do not require much technical knowledge.
In this tutorial we will discuss Havij. Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
Requirements
1. JSky software
2. Havij software
Step 1--> Find the SQLi vulnerability in the website using the JSky software.
Step 2-->
Step 3-->
Step 4-->
Step 5-->
Step 6-->
Game is over.