What's it MySQL?
MySQL is a Database , we can store any information for users data, admin, products , Other......
Is this the Mysql contains a loophole?
Yes, but not the all data bases . the Databases contain a loopholes is Vulnerable to get the databases informations it's easy to get any infos on the website EX : Usernames , Passwords , Credit Cards ...
How do you know that the site infected with this gap?
its easy add ' to the website parameter id
Example : http://www.charteradvisors.com/corner-detail.php?id=12
1)the Normal Website contain parameter id
2) When i add ' to the link the error message appear, the website is infected!
How i can to hack this website ?
and lunch it
-------------------------------------------------------------------------------------------------------
Step 1 :
put the infected website on havij
Step 2: get Tables on Database
search on : user / admin / xxxxadmin /xxxxuser
and get columns
Step 3 Select Columns and Get Data:
0 commentaires:
Enregistrer un commentaire