• Diniz Martins

SQLiv | SQL Injection

Before we are doing the injection consult, of course we must ensure that the server or target has a database security hole. To find database security holes, there are several methods we can use. Among them, Google dorking, is used mostly by hacker and penetration testers. Luckily there is a tool that is able to do that automatically. But we have to install its tool first. The tool is called SQLiv (SQL injection Vulnerability Scanner).


Install:

Then run:

Resolve some dependencies:


Finding SQL Injection Vulnerabilities:


Quick reference:


Reverse domain and scanning:

- Do reverse domain and look for websites that hosted on same server as target url


76 views

Recent Posts

See All

WSL | NMAP not work!

Ever since the release of the Windows Subsystem for Linux, a years long unfulfilled hope of using Nmap in this environment still lingers. You can install Nmap (sudo apt-install nmap) in Bash but when

SQLMap

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection eng