SQL Injection Attack Using JSQL Injection Tool


JSQL is a lightweight application that comes built into Kali Linux, but it is open source and platform independent (Windows, Linux, Mac OS X, Solaris). It is used to find database information from a distant server. It is another injection tool just like SQLMAP, but it is a lot more user friendly, because SQLMAP is command-line based whereas JSQL is graphical user interface (GUI) based. There is a separate article and tutorial on SQLMAP on this blog. JSQL is more convenient and easier to use, as no commands are needed to perform the injection.
As JSQL is platform independent, interested readers can download it for their own platform, or use it directly if they are on Kali Linux. In this tutorial I am going to use Kali Linux, where JSQL is already installed. JSQL is under Application -> Database Assessment -> JSQL Injection.



The first thing we require is the URL of the website whose database we want to perform the SQL injection attack against. We are going to use the same website that we used in the SQLMAP tutorial, http://testphp.vulnweb.com, for demonstration purposes.




Put the URL of the website in the URL tab of the tool, as displayed in the picture. Once the URL is inserted, we just have to click on the arrow to start the injection process. The actual procedure happens in the background of the tool, hence even a non-technical person can perform an injection using this method. In case there is no result, we have to make a slight modification to the URL to obtain one.
Normal URL: http://testphp.vulnweb.com/artists.php?artist=1
1st URL change try: http://testphp.vulnweb.com/artists.php?artist=-1
2nd URL change try: http://testphp.vulnweb.com/artists.php?artist=-1'
3rd URL change try: http://testphp.vulnweb.com/artists.php?artist=1' \

These changes to the URL are made to get an output or to get information about the website. I have already discussed this in detail in another SQL injection tutorial, which covers the URL changes in full. Since everything is handled by JSQL, once the injection process is completed we get a result in the form of databases. We can then click on the respective database and access its tables and their columns with the mouse.



If we want to view a particular column, we mark that column with a check mark, then right click on the table and choose load. It will show the data inside that particular column.

Similarly, we can do this with any column of our choice. It is a very simple task that can be done by anyone. As I have already said in my previous SQL injection articles, different people use SQL injection for different purposes, so it depends on the attacker's perspective. If a SQL injection attack is carried out by a hacker, it can be for the harmful purpose of either stealing or damaging the data; if performed by an ethical hacker or penetration tester, it can be used for vulnerability assessment, penetration testing or finding loopholes in the website.
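
Why the URL changes listed earlier produce a result, seen from the server side, and what stops them: the sketch below is an added example, not code from the demonstration site or from JSQL. It runs the four `artist` values from this tutorial through a query built by string concatenation and through a validated, parameterized one. The in-memory SQLite database and the `artists` / `artist_id` names are assumptions standing in for the real schema.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in database; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO artists VALUES (?, ?)",
                   [(1, "artist one"), (2, "artist two")])
    return db

def lookup_concatenated(db, artist):
    """Vulnerable pattern: the URL parameter is pasted into the SQL text."""
    sql = "SELECT name FROM artists WHERE artist_id = " + artist
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # The input changed the statement itself; an input-dependent database
        # error like this is what tells a scanner the parameter is injectable.
        return ("sql-error", str(exc))

def lookup_parameterized(db, artist):
    """Hardened pattern: strict integer check, then a bound parameter."""
    if not re.fullmatch(r"-?[0-9]{1,9}", artist):
        return ("rejected", None)  # answer with a generic 400, never a DB error
    rows = db.execute("SELECT name FROM artists WHERE artist_id = ?",
                      (int(artist),)).fetchall()
    return ("ok", rows)

# The four artist= values from the URLs above, as written on this page.
URL_VALUES = ["1", "-1", "-1'", "1' \\"]

def compare():
    """Map each value to (concatenated outcome, parameterized outcome)."""
    db = make_db()
    return {v: (lookup_concatenated(db, v)[0], lookup_parameterized(db, v)[0])
            for v in URL_VALUES}

if __name__ == "__main__":
    for value, (weak, hardened) in compare().items():
        print(f"artist={value!r:8} concatenated={weak:10} parameterized={hardened}")
```

With the hardened lookup the quoted values never reach the SQL parser, so the application's response no longer depends on whether the input is valid SQL.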

