Great article on Havij, a tool designed to execute SQL injections. Ericka at Dark Reading deserves major kudos for writing about the topic and bringing attention to it.
As the piece states, and as we highlighted in our hacktivism report, Havij is a major tool in the hacker’s arsenal. We detailed how Havij was used to breach PBS last year.
Essentially, Havij is an automated SQL injection tool. Hackers use it in conjunction with vulnerability assessment (VA) tools such as Acunetix or Nikto. VA scanners find vulnerabilities but stop short of actual exploitation—and that’s exactly where Havij starts. In other words, VA gives you a list of targets; Havij takes the shots.
What does the process of using Havij look like? It’s hardly complicated:
Note some of the key functionality:
- Get DBs: Hmm, wonder what that does.
- Get Tables: Hmm, wonder what that does.
- Get Columns: Hmm, wonder what that does.
- Get Data: No idea.
You’ll also note in the picture above that Havij reconstructs the database’s contents. It can perform many types of SQL injections to achieve that task.
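The Get DBs, Get Tables, Get Columns sequence leaves a recognisable trail in web server access logs, because each stage asks the database for a different piece of its own catalog. The sketch below is an added example, not code from the original post or from Havij; it assumes a MySQL-style backend where those stages reference `information_schema` views, and the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumption: catalog views a MySQL-style backend exposes for each enumeration stage.
STAGES = {
    "databases": re.compile(r"information_schema\s*\.\s*schemata", re.I),
    "tables": re.compile(r"information_schema\s*\.\s*tables", re.I),
    "columns": re.compile(r"information_schema\s*\.\s*columns", re.I),
}
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=1+union+select+schema_name+from+information_schema.schemata HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=1%20UNION%20SELECT%20table_name%20FROM%20information_schema%2Etables HTTP/1.1" 200 734
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=1+union+select+column_name+from+information_schema.columns HTTP/1.1" 200 690
198.51.100.4 - - [01/Jan/2024:10:00:04 +0000] "GET /item.php?id=42 HTTP/1.1" 200 301
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=information_schema.tables+docs HTTP/1.1" 200 1200
"""

def decode(url: str) -> str:
    """URL-decode twice so single and double encoding both normalise."""
    return unquote_plus(unquote_plus(url))

def stages_by_client(log_text: str) -> dict:
    """Map client IP -> set of enumeration stages seen in its request URLs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        url = decode(m.group("url"))
        for stage, pattern in STAGES.items():
            if pattern.search(url):
                seen[m.group("ip")].add(stage)
    return dict(seen)

def flag_enumeration(log_text: str, min_stages: int = 2) -> dict:
    """Flag clients that walked several catalog stages, as an automated tool does."""
    return {ip: sorted(s) for ip, s in stages_by_client(log_text).items() if len(s) >= min_stages}

if __name__ == "__main__":
    for ip, stages in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: catalog enumeration stages {stages}")
```

Requiring at least two stages from the same client keeps a single benign mention of a catalog name (the last sample line) from raising an alert. Access logs do not record POST bodies, so this only covers injection attempts carried in the URL.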
How do you stop Havij? We detailed the steps for stopping SQL injection here. It’s one of the most read blogs we’ve ever written and is always worth reviewing. It’s also worth noting that traditional network firewalls as well as next-generation firewalls can’t block Havij.
Here’s what our WAF looks like when hit by Havij (see the green box):
Here’s what Havij looks like when blocked or unable to find an exploit (see red at the bottom of the picture):

