Ethical Hacking

In this tutorial we will discus how you can hack Facbook account password by phishing. Phishing is act of creating a replica of legitimate website for stealing passwords and credit card numbers etc. Here I will show you how you can create replica of facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password. First of all open www.facebook.com in your web browser, from “file” menu select “save as” and type “Facebook” in file name and select...

Blind SQL injectiontechnique is used when the web application is vulnerable but the output doesn’t display to the attacker. When hacker tries SQL injection, they will redirect to some other pages instead of error message. Blind SQL Injection is harder to implement when compared with the above Traditional SQL Injection Technique, it...

Sqlsusis an open source MySQL injection and takeover tool, written in perl. It is used to test the vulnerability of web application. It uses stacked subqueries and an powerful blind injection algorithm to maximise the data gathered per web server hit.Using multithreading on top of that, sqlsus is an extremely fast database dumper, be...

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching...

So far i have written what is sql Injection, How to prevent SQL Injection? .  In this post, i am going to introduce a new SQLi tool for Pen Testers and Webmasters.The tool name is SQL Inject Me. What is SQL Inject Me?SQL Inject Me is Mozilla addon that is used to test the SQL Injection Vulnerability of Web Application.  It reduces the workload of Manual SQL Injection Test.  This is especially designed...

Hi webmasters and budding Pen Testers, I hope you read my article about SQL Injection. Our Aim is to provide Security, right? So here is the prevention techniques.Use Prepared Statements:Use prepared statements, parameterized queries, or stored procedures. Don't use Dynamic SQL. In Java you can use PreparedStatement() with bind variables  In...

WebApplication(Website) stores the information in database such as user info, admin info, and passwords. When the developer fails to handle escape characters and type, it results in vulnerable database. Hacking or accessing the database using this vulnerability is known as SQL injection. What an attacker can do? Bypassing Logins Accessing...