Wednesday, October 29, 2014

SQL injection with Havij and Poison

Hello,

Today I will be showing how to do MySQL Injection with Havij. This will be explained in steps and pictures. Have fun watching!

Step 1: Finding a vulnerable website.

1.1 - Open up the program and you will get this window.


[Image: pic1wh.png]

1.2 - Once that's open, you will have to select a dork. I am using a PHP dork in this example. After you have selected the desired dork, press Scan and it will show the results in the Result Pane.


[Image: picol.png]

1.3 - Now you want to send the results to the Sqli Crawler. You can do this by right-clicking in the Result Pane and selecting "Send to Sqli Crawler -> All".


[Image: picwr.png]

1.4 - Now the Sqli Crawler tab will open. All you have to do is press Crawl, and it will check whether the website is really vulnerable to SQL injection.


[Image: picio.png]

1.5 - Now press Export Results and save the file somewhere you can open it later.


[Image: pic2fp.png]




Step 2: SQL Injection with Havij 1.15 Pro

2.1 - Open up Havij v1.15 Pro and enter the desired URL. Then press Analyze and the program will try to find the database. After it has found a database, click on Tables to view it.


[Image: picyaq.png]

2.2 - Click on the database that the program found and click on Get Tables. If there is no information_schema, the program will try to guess the table names itself. Leave it running and wait for it to complete.


[Image: picyx.png]

2.3 - Once that's done, click on the desired table. For me this will be users, since I am more interested in that than in articles. Click users and press Get Columns.


[Image: picgt.png]

2.4 - Now that we have found the tables, we want to see the data they hold. Select whatever table you want and press Get Data. Some databases have a lot of data in them and some don't. Please be patient while the program fetches the data.


[Image: picck.png]
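Seen from the defending side, the table and column listing in steps 2.2 and 2.3 shows up in web server access logs as requests that reference MySQL's information_schema whenever the injection travels in the URL. The log scan below is an added example, not part of the original post or of either tool; the log lines, the threshold and the function names are constructed for illustration, and tying information_schema.tables and information_schema.columns to steps 2.2 and 2.3 is an assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Client IP and request target from a combined-log-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

# MySQL keeps table names in information_schema.tables and column names in
# information_schema.columns; mapping them to steps 2.2 and 2.3 is an assumption.
STAGES = {
    "tables": re.compile(r"information_schema\s*\.\s*tables", re.I),
    "columns": re.compile(r"information_schema\s*\.\s*columns", re.I),
}

def normalize(target):
    """Undo up to two layers of URL encoding and strip inline SQL comments."""
    text = unquote_plus(unquote_plus(target))
    text = re.sub(r"/\*.*?\*/", " ", text)
    return text.replace("`", "")

def scan(lines, threshold=3):
    """Return {ip: {stage: hits}} for clients with at least `threshold` hits."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        ip, target = m.groups()
        text = normalize(target)
        for stage, rx in STAGES.items():
            if rx.search(text):
                hits.setdefault(ip, Counter())[stage] += 1
    return {ip: dict(c) for ip, c in hits.items() if sum(c.values()) >= threshold}

# Constructed log lines; "..." stands for the rest of each query string.
SAMPLE = [
    '203.0.113.7 - - [29/Oct/2014:10:00:01 +0000] "GET /article.php?id=5 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [29/Oct/2014:10:02:11 +0000] "GET /article.php?id=5+...+from+information_schema.tables+... HTTP/1.1" 200 812',
    '198.51.100.23 - - [29/Oct/2014:10:02:12 +0000] "GET /article.php?id=5%20...%20FROM%20INFORMATION_SCHEMA.TABLES%20... HTTP/1.1" 200 815',
    '198.51.100.23 - - [29/Oct/2014:10:02:14 +0000] "GET /article.php?id=5+...+from/**/information_schema.columns+... HTTP/1.1" 200 790',
    '198.51.100.23 - - [29/Oct/2014:10:02:15 +0000] "GET /article.php?id=5%2520...%2520from%2520information_schema%252Ecolumns HTTP/1.1" 200 790',
    '192.0.2.44 - - [29/Oct/2014:10:05:40 +0000] "GET /search.php?q=information_schema.tables+tutorial HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE).items():
        print(ip, stages)
```

A client with a single hit, such as the search request in the last sample line, stays below the threshold and is not reported; tune `threshold` to the site's normal traffic.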




Download:

Sql Poizon v1.1 - The Exploit Scanner
Havij 1.15 - Advanced SQL Injection



Well, this is the end of the tutorial. It took me a good 30 minutes to write. I hope you guys enjoyed the tutorial, and I am looking forward to writing more tutorials for HF in the future.
