What is jSQL Injection – Kali Linux ?
Tools included in the jsql package
jSQL – A lightweight application used to find database information: A lightweight application used to find database information from a distant server.
jsql Usage Example :
How To Install jSQL :
Apart from installing Java, there is no installation. Download the .jar file and voilà.
So, install java then download the latest jSQL executable and double click on the .jar file to open the main window (or you may type in a terminal: java -jar jsql-injection-v0.5.jar, or right click on file, choose “Open with…” and select “Java(TM) Platform SE binary”).
Injection and local test :
Running injection requires the URL of a local or distant server, and the name of parameter to inject. For a local test, you can save the following PHP code into file ‘simulate_get.php’ and move it to the root folder of your web server (e.g /www), then use http://127.0.0.1/simulate_get.php?lib= in jSQL, and finally click Connect to read the local database:
mysql_connect("localhost", "root", ""); mysql_select_db("mysql"); $result = mysql_query("SELECT * FROM user where user = " . $_GET['lib']) # time based or die( mysql_error() ); # error based if( mysql_num_rows($result) !== 0 ) echo " something "; # blind while( $row = mysql_fetch_array($result, MYSQL_NUM) ) echo join(',',$row); # normal ?>
Kali Linux 2.0 SQL injection with SQLmap & jSQL:
All the steps for this tutorial are explained on a Video on our Youtube Channel you can subscribe to it by this link they are many other tutorials that you can learn about bypassing and hacking and others basics tutorials about kali linux 2.0 (Kali Sana).
Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used, use it at your own risk.
If you have encountered a problem or you have any questions or remarks please feel free to set a comment.
If this article helped you to solve your problem please feel free to Share it with your friends. with Love and Prosperity K4LINUX-TEAM.