Havij Advanced SQL Injection


About Havij

• Havij is a SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

• By using this software, a user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.


• The distinctive power of Havij that differentiates it from similar tools lies in its unique methods of injection. The success rate of attack on vulnerable targets using Havij is above 95%.

• The user-friendly GUI (Graphical User Interface) of Havij and its automated configuration and heuristic detection make it easy to use for everyone.


What is SQL Injection?

• SQL Injection is a common web application vulnerability caused by insufficient validation of user input.

• An attacker can inject SQL commands into the original query written by the developer to change the result to what he/she wants and to execute his/her own commands.

• This work (injecting SQL commands) is called exploitation, and it can cause sensitive data disclosure, data modification and data deletion.

Finding vulnerable sites

• To find vulnerable sites we can use a “Google dork”.

• Using Google dorks is just like doing an advanced search on Google. It is mostly used by search engine optimizers, webmasters and bloggers.

• Google supports several advanced operators, which are query words that have special meaning to Google.

• Typically these operators modify the search in some way, or even tell Google to do a totally different type of search.

Google Dorks

index.php?id=
trainers.php?id=
productDetails.php?id=
buy.php?category=
article.php?ID=
play_old.php?id=
declaration_more.php?decl_id=
pageid=
games.php?id=
page.php?file=
newsDetail.php?id=
gallery.php?id=
show.php?id=
staff_id=
newsitem.php?num=
readnews.php?id=
top10.php?cat=

Finding Vulnerable Site

• Randomly open sites to test them for vulnerability.

• To test a site, insert the ' symbol into the URL, for example http://www.lacosteparfumsgift.com/offer.php?id=6984

Insert ' between “=” and “6984” like this: http://www.lacosteparfumsgift.com/offer.php?id='6984

• If we get an error when loading the page, then the site is vulnerable.

• And if the page loads normally, then the site is not vulnerable.
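
Why the quote produces an error, and how a developer removes it, shown as an added example that is not part of the original slides: a Python/sqlite3 stand-in for an id-based page lookup. The table, the sample row and all function names are constructed assumptions.

```python
import re
import sqlite3

ID_RE = re.compile(r"[0-9]{1,10}")  # the id parameter should be a short decimal number

def make_db():
    """Constructed in-memory table standing in for the site's offers table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE offers (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO offers VALUES (6984, 'Sample offer')")
    return db

def lookup_concat(db, raw_id):
    """Vulnerable pattern: the request parameter is pasted into the SQL text."""
    sql = "SELECT title FROM offers WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The stray quote reached the SQL parser. A site that lets this
        # failure surface shows the broken page the slide describes.
        return ("db_error", type(exc).__name__)
    return ("ok", row[0] if row else None)

def lookup_param(db, raw_id, validate=True):
    """Hardened pattern: check the type first, then bind the value as data."""
    value = int(raw_id) if ID_RE.fullmatch(raw_id) else raw_id
    if validate and not isinstance(value, int):
        return ("rejected", None)
    # "?" is a bound parameter: its content is never parsed as SQL,
    # so a quote inside it cannot change the statement.
    row = db.execute("SELECT title FROM offers WHERE id = ?", (value,)).fetchone()
    return ("ok", row[0] if row else None)

if __name__ == "__main__":
    db = make_db()
    for raw in ("6984", "'6984"):
        print(repr(raw), lookup_concat(db, raw), lookup_param(db, raw))
```

Even with validation switched off, the bound parameter returns an ordinary "no row" result for the quoted value instead of a database error, which is why parameterized queries are the primary fix and input validation is the second layer.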

Requirements

Requirements for installing Havij:
• Windows operating system
• Havij setup file
• Internet Explorer 5.5 or above
• 8MB free space on hard disk

Havij Versions

• Havij v1.10
• Havij v1.11
• Havij v1.12
• Havij v1.13
• Havij v1.14
• Havij v1.15
• Havij v1.16
• Havij v1.17

Using Havij

Put the vulnerable site URL without the ' symbol into the “Target” field and press the “Analyze” button.

• Havij analyzing target

• Retrieving tables

• Finding Admin page

• Cracking hash

Summary

So, with the help of Havij we could get the site's database information, including the site admin login and password.
