What is SQL injection



    In simple words, it is a code injection technique used to attack data-driven applications,
    in which malicious SQL statements are inserted into an entry field for execution.
   
   

    Each website has two panels: one is the "C panel" and the second is the "admin panel".
    We cannot bypass the C panel, but we can bypass the admin panel with some
    codes like 'or''='

 

   
    How to find the admin page
      1.  With a tool like "HAVIJ"
      2.  With online websites like:
            http://y-shahinzadeh.ir/af/
            http://scan.subhashdasyam.com/admin-panel-finder.php
      3.  With Google dorks
  


    

    So, now open the admin panel.
    


  
    First, we enter admin / admin as the user name and password in the login panel.
    If that gets us into the admin panel, then it's OK. Otherwise we use a code like 'or''='
    in the login panel. With this code we surely enter the admin panel, like on this website.


                   
     

    This is SQL injection.

