Thursday, November 21, 2013

Havij... A Tool to hack the website with SQL Injection

As we saw in our previous post, several SQL queries can be used against a vulnerable URL to get the database details and tables. The same results can be obtained with many automated tools. One of the popular tools is Havij, an advanced SQL injection tool that makes SQL injection very easy. Along with SQL injection, it has a built-in admin page finder, which makes it very effective.

Supported Databases With Havij
  • MsSQL 2000/2005 with error.
  • MsSQL 2000/2005 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • MsAccess union based
  • Sybase (ASE)

Many of the features are not available in the free version, but the tool is still very useful for learning purposes.

Note: This tutorial is carried out on the demo test site provided by Acunetix. You can also try it on the same website, as discussed below.

Step 1: Find a SQL injection vulnerability in your site and enter its URL (like http://testphp.vulnweb.com/product.php?pic=1) in Havij. Now click the Analyze button.
Step 2: If your server is vulnerable, the information about the target and the columns will appear.
Step 3: Now click the Tables button and then click the Get Tables button in the column below.
Step 4: Now select any one table and then click the Get Columns button.

Step 5: Now select the desired columns and click Get Data to get the result.
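
Seen from the server side, the automated analysis in the steps above shows up in the web access log as repeated SQL-bearing requests to one parameter. The following is an added example, not part of the original post or of Havij: a small log check whose signature list, threshold and sample log lines are assumptions constructed for illustration, grouped by the technique families listed earlier.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Heuristic signatures for the technique families the post lists.
# Assumed and deliberately small; a production WAF rule set is far broader.
SIGNATURES = {
    "union based": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "time based": re.compile(r"\b(sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    "error based": re.compile(r"\b(extractvalue|updatexml|convert)\s*\(", re.I),
    "blind": re.compile(r"\b(and|or)\b\s+\d+\s*=\s*\d+", re.I),
}

# Common/combined log format: client IP, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<url>\S+) [^"]*" \d{3}')

def classify(value):
    """Return the technique families whose signature matches a decoded value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]

def scan(lines, threshold=3):
    """Report (ip, path, parameter) keys with at least `threshold` suspicious requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        # parse_qsl undoes percent-encoding and '+' so signatures see plain text.
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            found = classify(value)
            if found:
                hits[(m["ip"], parts.path, param)].append(found)
    return {k: sorted({t for f in v for t in f}) for k, v in hits.items() if len(v) >= threshold}

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE = [
    '203.0.113.7 - - [21/Nov/2013:10:00:01 +0000] "GET /product.php?pic=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Nov/2013:10:00:02 +0000] "GET /product.php?pic=1+and+1%3D1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Nov/2013:10:00:02 +0000] "GET /product.php?pic=1+and+1%3D2 HTTP/1.1" 200 0',
    '203.0.113.7 - - [21/Nov/2013:10:00:03 +0000] "GET /product.php?pic=-1+union+select+1%2C2%2C3 HTTP/1.1" 200 498',
    '198.51.100.9 - - [21/Nov/2013:10:05:00 +0000] "GET /product.php?pic=7 HTTP/1.1" 200 512',
    '198.51.100.9 - - [21/Nov/2013:10:05:09 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for key, techniques in scan(SAMPLE).items():
        print(key, techniques)
```

The last sample line is an ordinary search that happens to match the union signature once; the per-parameter threshold keeps that single hit out of the report.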

Disclaimer: This post should be used only for learning purposes and with the permission of the admin of the application. The admin of this blog does not hold any responsibility if readers carry out any malicious activity on any third-party application.
