Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.
-----------------------------------------------------------------------
Created by: Davit Mikaelyan
Reviewed by: Vladimir Soghoyan
Ogma Applications
Automating Google Workspace (GWS) & more with Apps Script
Havij
1. Havij Advanced SQL Injection Tool
Created by: Davit Mikaelyan
Reviewed by: Vladimir Soghoyan
Ogma Applications
2. About Havij
Havij is an automated SQL Injection tool that helps
penetration testers to find and exploit SQL Injection
vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By
using this software, user can perform back-end database
fingerprinting, retrieve DBMS login names and password
hashes, dump tables and columns, fetch data from the
database, execute SQL statements against the server, and
even access the underlying file system and execute
operating system shell commands.
Ogma Applications
2
02/4/2014
3. Downloading Application
First of all it is necessary to download and install application.
The download link is below:
http://itsecteam.com/products/havij-advanced-sql-injection/
Ogma Applications
3
02/4/2014
4. Finding vulnerable sites
To find vulnerable sites we can use “Google dork”.
Navigate to http://freetexthost.com/paz14e6za6 and choose one of dork,
f.e. “productDetails.php?id=“. Insert chosen dork into Google.
Ogma Applications
4
02/4/2014
5. Finding Vulnerable Sites
Randomly open sites to test them for vulnerability.
For testing site insert into URL ‘ symbol, for example
http://www.site.com/productDetails.php?id=10 .
Insert ‘ between “=” and “10” like this
http://www.site.com/productDetails.php?id=‘10
Ogma Applications
5
02/4/2014
6. Finding vulnerable sites
If we get error in loading page then the site is vulnerable
And if the page is loading normally then the site is not vulnerable.
Ogma Applications
6
02/4/2014
7. Using Havij
Put vulnerable site URL without ‘ symbol into “Target”
field and press on “Analyze” button.
Ogma Applications
7
02/4/2014
8. Using Havij
After analyzing ,click on “Tables”
->”Get Tables” for getting site database tables.
Havij analyzing target
Ogma Applications
8
02/4/2014
9. Using Havij
Select a table and press on
“Get Columns” button.
Ogma Applications
Select columns and press on
press “Get Data” button
9
02/4/2014
10. Havaji Summary
So, with help of Havaji we could get site database
information including site admin login and password
Ogma Applications
10
02/4/2014