Thursday, February 2, 2012

the mole SQL injection tool tutorial

we all know that sql injection has been a biggest threat to all the websites one the internet
so we have sql injection tools to make our work easier some are gui some are CLI todat we have the mole name is pretty good lol but i am sure you will love this tools its damn easy to use on windows or linux. now i am posting a tutorial that will make you understand how to use it
STEPS

  • get a vulnerable site 
  • get a keyword(string)
  • get the mole from here
  • then open it and enter url 
www.site.com/index.php?ID=2

  •  then get the keyword found in that site and put it like this 
 needle keyword 

  • then type
schemas

  • now it will try to inject and if its vulnerable then i will get database info,database name etc and other sensitive informations
  • now to get tables from a data base type this. where db_name is your database name 
tables db_name 



  • then to get columns from a table type this 
columns DB_name table_name 

  • now you will get columns, to get that juicy data type, column name are seperated by comma (,)
query db_name table_name column1,columns2

  •  then copy data and use like you want, and there are some more functions that you can use like read file,dbinfo,headers,cookies,etc this is only a basic tutorial if you dont get this goto this video directly press tab to get all functions 



Any problems ask in comments

1 comments:

Anonymous said...

how to copy data about 1000 rows?

thanks

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More