Step 2 - Next you will need to pick a specific "dork" I'm going to be using ASP with dork ; ".asp?bookID=" you can (enter it into the search box the type of dork you're looking for. This tutorial doesn't require this specific dork, you can chose one to your own preference. So now our stage process should be as shown below.
Step 3 - Now you will need to press the scan button, make sure to press "Remove duplicates".
Step 4 - Once you've completed "Step 3" the next thing you will need to do is right click your list (the white part) and press "Send to SQLI Crawler" as so.
Step 5 - Once in the SQLI Crawler you will need to press "Crawl" this will find you the vulnerable links from the ones you just just imported, this didn't work for me as good as I was hoping. It should look like the following.
step6 - Once your list is populated you have now got yourself some vulnerable sites to SQL inject.
I would of continued the tutorial into more depth of executing SQL injection with this tool but there's already tutorials around that you can use. If you need any help with SQL injecting/uploading a shell just PM me, I'll be more than happy to help. I know you might think this tutorial is well pointless but it's a simple way of finding vulnerable websites whilst using some of the best dorks. Oh and before you guys say isn't it better just using "Google" well in my opinion no, this method tells you if its vulnerable and gives you over +50 sites at a time which will keep you busy.
I hope you liked this tutorial and remember whenever hacking/exploiting sites always use a proxy to hide yourself, here's a few proxy's that I use.
http://www.hidemyass.com
http://www.newipnow.com
http://www.xitenow.com/ (best in my opinion)
Download (Survey free); http://www.mediafire.com/?dtnolcj562ca6ss
www.tricksdevelopers.blogspot.com
No comments:
Post a Comment