![Sqli Anonfile Sqli Anonfile](https://pjsins.com/wp-content/uploads/2020/02/Dork-Generator-600x289.png)
If you want to go down the route of exploiting their admin panel you certainly can and could even potentially gain access to the site and root the server and use for your own purposes along with being able to then strip the data of every other website hosted on that server.Example: (MySQL): SELECT * from table where id = 1 union select 1,2,3Įxample: (PostgreSQL): SELECT * from table where id = 1 select 1,2,3īypassing WAF: SQL Injection - Normalization MethodĮxample Number (1) of a vulnerability in the function of request This table I have stumbled across appears to be for some type of admin login either with their CMS, shopping system or forum/blog. You should end up with something that looks like this:įor websites that have multiple tables (this has over 60) you will need to go through and keep searching until you find the one that is storing the user information. This will change your data dumper screen a little when it starts to gather the data from the columns.
![Sqli Anonfile Sqli Anonfile](https://redaksi.pens.ac.id/wp-content/uploads/2020/05/3-1.png)
Now you select the data you want to dump like the picture above and click the "dump data" button. The website I have chosen is a User:Pass type of website.
![Sqli Anonfile Sqli Anonfile](https://i.imgur.com/hbBJ9gn.png)
Now some websites may store their emails separately from the passwords (eg a forum that requires login via username and only stores emails for a newsletter) but this is still fine and User:Pass combo lists are still insanely useful.
![Sqli Anonfile Sqli Anonfile](http://contactpassa.weebly.com/uploads/1/3/3/7/133729642/554432804_orig.jpg)
Highlight over your chosen table and click "Get columns" This is the most likely place that the "email" and "password" columns will be stored and if we are looking to make a combo list that's exactly what we want. Notice how I have already highlighted and found the "ns_users" table. Some/a lot of websites/stores, etc will use prefixes too such as "pvt_users" "forum_members" etc.ħ) When you have generated all the tables for your chosen website, you will then presented with something that looks similar to this: You are usually going to be looking for something along the lines of "users" "customers" "members" "logins" that type of thing. This will start to pull through all the tables within that specific database. You need to click the database name and then click the "Get columns" button. In your list you will see the database name for the MYSQL database the website you are exploiting is using. Once this has finished running and checking all of the sites from your "scanner" list you can either double click any of the websites or right click and then click "Go Dumper"Ħ) You will be taken to the dumper module, which looks like this: Set the threads (I usually use 200) and click "Start Exploiter"ĥ) You will eventually see websites starting to fill up in the SQL Injection section of SQLi DumperĪgain the speed of this process completely depends on your internet speed and overall performance of your PC. You can leave it for a couple of hours to a couple of days.ģ) You will have noticed that your 'Scanner' option on the left hand side has started to go up as mine does in the image below showing 23K links.Ĥ) Click into your SQL Injection tab on the left hand side.
#Sqli Anonfile Pc#
If this is your first time using the program then the second part of the program where you see "https" in a list will be blank for you, this is normal.Ģ) Now you are ready to start scanning, so in the bottom left of the program where it says "Start Scanner" with a big green play button, you hit itĭepending on how many dorks you have chosen to use and how many threads you set along with the internet speed and overall power of your PC this may take some time. In the picture you can see "inurl:" which is where you copy and paste your chosen dorks. You do not need all of them 1,000 is more than enoughġ) Once you have your dork list you can open up SQLi Dumper. Download: /D05fx1Ebo4/SQLi_Dumper_v.9.7_Cracked_By_PC-RET_zipĪ dork list.