SQL Injection is a very familiar for every penetration testers.
SQL Injection or SQLi is a type of an injection attack which makes possible to execute malicious SQL codes. Those codes can control a database server. Attacker can use SQL vulnerabilities to bypass the security of a web application, and they can access the database of web server. This attacks comes in public in the year 1998 in a article in "Phrack" magazine. So we can call it very old vulnerability. New web applications are almost free from SQLi vulnerabilities.
SQL Injection or SQLi is a type of an injection attack which makes possible to execute malicious SQL codes. Those codes can control a database server. Attacker can use SQL vulnerabilities to bypass the security of a web application, and they can access the database of web server. This attacks comes in public in the year 1998 in a article in "Phrack" magazine. So we can call it very old vulnerability. New web applications are almost free from SQLi vulnerabilities.
But their are billions of old websites are still have the fault in SQL. Anyone can easily find those websites using "Google dorks".
Find our more from these articles:
https://www.darkmoreops.com/2014/08/28/use-sqlmap-sql-injection-hack-website-database/
https://gbhackers.com/sqlmap-detecting-exploiting-sql-injection/
SQL injection is a very easy attack, even a 4 year old can perfrom this with the help of some automated tool like haviz, but advanced SQL injection is not so easy but here we have a tool that make easy normal and advanced SQL injection quite easy. The name of the tool is LazySQLi.
This is written in bash and it is very user friendly and easy to use. At first we need to clone this tool from github to do that we open our terminal window and type following command :
The following screenshot is the output of preceding command:
Now we need to go to the directory by using cd command, and then ls command to see the files in the directory,as following:
The screenshot is following:
Now, we need to give executable permission to the file by using following command:
This tool is specially made for Termux environment but we gonna use it in Our Kali Linux system, so we need a little bit configuration. We open the bash script with leafpad by using following command :
Then we change the first line to #!/bin/bash whatever it is. Check the following screenshot:
Then save the script and close leafpad.
Now run the bash script by using following command:
Output of the preceding command is following:
Now we are going to install the requirements by pressing 1, this is for first run only. This may take some time depending on internet speed.
The screenshot is following:
After successfully installed we need to run again this tool by using ./lazySQLi and select option 2 :
The screenshot is following:
Here we can see lots of types are SQL injections are available, normal injection and advanced injection are supported.
Enter our choice (type of injection) and enter vulnerable website and then the automated script will RUN.
This is written in bash and it is very user friendly and easy to use. At first we need to clone this tool from github to do that we open our terminal window and type following command :
The following screenshot is the output of preceding command:
Now we need to go to the directory by using cd command, and then ls command to see the files in the directory,as following:
The screenshot is following:
Now, we need to give executable permission to the file by using following command:
This tool is specially made for Termux environment but we gonna use it in Our Kali Linux system, so we need a little bit configuration. We open the bash script with leafpad by using following command :
Then we change the first line to #!/bin/bash whatever it is. Check the following screenshot:
Then save the script and close leafpad.
Now run the bash script by using following command:
Output of the preceding command is following:
Now we are going to install the requirements by pressing 1, this is for first run only. This may take some time depending on internet speed.
The screenshot is following:
After successfully installed we need to run again this tool by using ./lazySQLi and select option 2 :
The screenshot is following:
Enter our choice (type of injection) and enter vulnerable website and then the automated script will RUN.