SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database
Havij can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
Havij supports following databases and injection methods.
* MsSQL with error: Microsoft SQL Server injection using error based method
* MsSQL no error: Microsoft SQL Server injection using union
* MsSQL Blind: Microsoft SQL Server injection using blind method
* MySQL unknown ver: MySQL injection using union
* MySQL Blind: MySQL injection using blind method
* MySQL error based: MySQL injection using error based method
* Oracle: Oracle injection using union method
* PostgreSQL: PostgreSQL injection using union method
* MsAccess: Microsoft Access injection using union method
* MsAccess Blind: Microsoft Access injection using blind method
Havij v1.14 Free – here
Fast starting with Havij
You don’t need so much technical information for using Havij however it has a lot of settings for professional users. To start using Havij you just need a vulnerable URL to SQL Injection bug.
How to find a vulnerable web site? You can use web vulnerability scanner programs and available tools for finding SQL Injection vulnerabilities and also you can use Google. It doesn’t matter if you are not sure that page is vulnerable or not, Havij will check it. You can use Havij to check security of your own website.