Intro - Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.

1. How to open
A. GUI Method
Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → vega

B. Open a terminal, type vega and press Enter.

2. Go to Scan → Start New Scan and click on it.

3. Enter your target URL and click Next.

4. Select the modules you want to run. For example, if I only want to test for XSS injection, I check that module, uncheck the others, and then click Next.

5. Here you can configure cookies and an authentication identity. I am skipping all of this because I don’t need it.

6. Click Finish and your scan will start.

7. After the scan completes you will see a result like the one in this image. If you got a High alert, then Vega found vulnerabilities on your target. If not, then Vega did not find any type of vulnerability on your target.

8. Go to Scan Alerts and select a vulnerability for more information. After selecting one you will see information about the selected item. In this image we selected ‘Possible SQL Injection → /products/details’; here we can see that this is a SQL injection, along with details such as the resource and method. If you want more details, click the REQUEST field ‘GET /products/details’.

9. This is the Request window. Here we can see the host, method, etc., as well as the response. On the Response tab we can see that this is a SQL error.

10. If you want to check whether this is a SQL vulnerability or not, just put the URL in your browser's address bar.
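
Why a stray quote produces the SQL error seen on the Response tab, and the fix, shown as an added example that is not part of the original post. The products table, both handler functions and the status codes are hypothetical, and the database is an in-memory SQLite one.

```python
import sqlite3


def make_db():
    """Constructed sample catalogue; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "kettle"), (2, "toaster")])
    return db


def details_vulnerable(db, product_id):
    """Builds the query by string concatenation, so input becomes SQL syntax."""
    try:
        row = db.execute(
            "SELECT name FROM products WHERE id = " + product_id).fetchone()
    except sqlite3.Error as exc:
        # Echoing the database error to the client is what the scanner flags.
        return 500, "SQL error: %s" % exc
    return (200, row[0]) if row else (404, "not found")


def details_fixed(db, product_id):
    """Validates the id and binds it as a parameter, so input stays data."""
    if not (product_id.isascii() and product_id.isdigit()):
        return 400, "invalid product id"
    row = db.execute(
        "SELECT name FROM products WHERE id = ?", (int(product_id),)).fetchone()
    return (200, row[0]) if row else (404, "not found")


def compare(product_id):
    """Runs the same input through both handlers against a fresh database."""
    db = make_db()
    return details_vulnerable(db, product_id), details_fixed(db, product_id)


if __name__ == "__main__":
    for value in ("1", "1'"):  # a normal id, then an id with a stray quote
        print(repr(value), compare(value))
```

A finding like the one in step 8 is closed when the fixed handler's behaviour is what the rescan sees: a generic 400 response with no database error text in the body.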

Post a Comment

  1. Hi colleagues, it's a fantastic paragraph concerning culture and entirely defined,
    keep it up all the time.

    My web blog - web page

  2. What if I have a SQL injection like this, how can I use it?

    /rate_calculator_domestic_result.php [mail_type=vega@example.com first_region=Joey second_region=' onMouseOver=vvv000028v586949 weight=1 addon=1 ]

    1. If you found any website SQL vulnerability, I will advise you: you should report the vulnerabilities to the IT team of the website.
      On the other side of your question, if you found SQL injection in any website you can try to inject the SQL injection and if your luck worked you will get the ID and password of the admin.

  3. But let's say that's the output, how can I convert that field to inject SQL?

    1. If you want to know how to do SQL injection you have to wait for a while so I can make a tutorial on this. Thanks for the comment.

  4. Hi
    When I try shell uploading after SQLi, it asks for a password by JavaScript alert.
    How to bypass it?

    1. I'd like to tell you to kindly visit the link below so you will learn how you can attack a website by using a SQL vulnerability.

  5. Hello there! Quick question that's completely off topic.
    Do you know how to make your site mobile friendly? My web site looks weird when
    browsing from my iphone 4. I'm trying to find a template or plugin that might be able to
    fix this issue. If you have any recommendations, please share.

    With thanks!

    Here is my page; Portable cooktops for Induction cooking

