SQL Injection – How to hack a website's SQL tables using the Mole
To test whether websites are safe from SQL injection we can use SQLMAP or The Mole. Here we show the syntax for using The Mole for SQL injection testing.
Step 1 – Download Python 3 for Windows or Kali Linux
Step 2 – Download the Mole
Step 3 – Install and launch the Mole
Install to C:\mole
dir – check that you can see mole.exe.
To type in syntax, go to step 5.
Step 4 – Find a vulnerable website
Use Google. Search for the term
Browse to the website and then put a single apostrophe at the end of the URL,
so it reads php?id=1'
If you get an error the website is vulnerable.
Using the sites returned by Google, check each site by putting an apostrophe after the 1; if an error appears, then the site is vulnerable.
Step 5 – Attack Syntax to get the Website Databases
(xxx = use a word found on the page).
Caution regarding needle: if you use a term not found on the page, you'll get an error. Here we used the term "home", e.g. needle home
Now you’ll see the databases on the site appear. Write down the name of the databases, as we’ll use these where dbname appears in our syntax.
So we can use information_schema where dbname is needed.
Step 6 – Attack Syntax to get the Tables
The table information_schema shows us that it has 40 rows of data, and further tables.
Step 7 – Attack Syntax to get the Column
columns dbname tablename
columns information_schema tableabc
Step 8 – Attack Syntax to get the records from the tables
query dbname tablename colm1,colm2,colm3
For testing websites, would I recommend Mole or SQLMAP? For ease of use it has to be SQLMAP.
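The apostrophe check from Step 4, seen from the application side (an added example, not part of the original page or of The Mole): a concatenated query raises a SQL error on the stray quote, while a validated, parameterized lookup does not. The articles table, its rows and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for a site's article store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "home"), (2, "about")])
    return db


def lookup_vulnerable(db, raw_id):
    # 'Before': the URL parameter is pasted into the SQL text, so a stray
    # quote changes the statement itself and the parser rejects it.
    return db.execute(
        "SELECT title FROM articles WHERE id = " + raw_id).fetchall()


def lookup_hardened(db, raw_id):
    # 'After': allow only ASCII digits, then bind the value as a parameter
    # so it can never be parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None  # a real handler would answer 400 Bad Request here
    return db.execute(
        "SELECT title FROM articles WHERE id = ?", (int(raw_id),)).fetchall()


def apostrophe_probe(lookup, db, valid_id="1"):
    # Regression check for your own handlers: append a quote to a valid id
    # and report whether a database error reaches the caller.
    try:
        lookup(db, valid_id + "'")
    except sqlite3.Error:
        return "sql-error"
    return "handled"


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_hardened):
        print(fn.__name__, fn(db, "1"), apostrophe_probe(fn, db))
```

Running the probe against every handler that takes an id from the URL gives a quick regression test: any result of "sql-error" marks a query still built by concatenation.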