Friday, 4 December 2015

SQL INJECTION FOR ALL USERS {STRUCTURED QUERY LANGUAGE} EASY TO DO

HEY GUYS ,
TODAY WE ARE GOIN TO SEE ABOUT SQL INJECTION



NOTE: I WON'T WASTE YOUR PRECIOUS TIME BY SAYING BLAH BLAH,THUS NO SCROLLING REQUIRED



NOW, SQL is Structured Query Language which is used to make tables ,databases and forms ..

most site uses this for username / email , password forms

HOW CAN I CHECK FOR SQL VULNERABLE SITES ?


  • U can use google dorks to search for websites, say inurl: .com/index.php?id= ..
  • There are much google get the list of google dorks here
  • Add ' or " or \ at the end of the .php?id=   ....

If any errors occurs then u can proceed , otherwise its not hackable with sqli technique .

HACKING WITH '1 OR 1' METHOD :

  • U may have username field and password field, u can log in without knowing any of these ..

  • just enter a statement which is always true ,for example 1=1 ? its always true 

  • thus enter username : 'OR '1'='1  {or statement thus will always true }
  • and the same for password,thus u got logged in ..
HACKING WITH COMMENTS 


  • Some of the comments we use in sql are "-- -" ,   "# " ,   " /*   */" . {this is similiar to // or /* in C program }


  • enter the known user name says, "admin "or the same 'OR '1'='1 

  • now [space] -- - or #  EXAMPLE : username : admin -- - 

  • NO password is required u will be logged in automatically , in this method password field is just treated as a comment.

HACKING WITH ADVANCED METHOD : 
sql map for pc and droidsqli for rooted droids




DROID SQLI is the known easiest sql injection method , just enter the site address and click INJECT the app will do everything for you .







Gather the tables and get the username / password  from the user details tab 


u will be getting password in the form of hashes , use password decrypter to retrive the password in the form of alphabets or numbers.. here is an online password decrypter


sql map for pc:


This is the most effective way and advance method , u can use this tool only if u are familiar with synatxes and command line program

SINCE SQLMAP technique takes too long, i will be updating it soon..still then start hacking and start enjoying...

















No comments:

Post a Comment

Time

Blogger TemplatesMy Blogger TricksAll Blogger Tricks

LIKE , SHARE AND TWEET