HEY GUYS ,
TODAY WE ARE GOIN TO SEE ABOUT SQL INJECTION
NOTE: I WON'T WASTE YOUR PRECIOUS TIME BY SAYING BLAH BLAH,THUS NO SCROLLING REQUIRED
NOW, SQL is Structured Query Language which is used to make tables ,databases and forms ..
most site uses this for username / email , password forms
HOW CAN I CHECK FOR SQL VULNERABLE SITES ?
TODAY WE ARE GOIN TO SEE ABOUT SQL INJECTION
NOTE: I WON'T WASTE YOUR PRECIOUS TIME BY SAYING BLAH BLAH,THUS NO SCROLLING REQUIRED
NOW, SQL is Structured Query Language which is used to make tables ,databases and forms ..
most site uses this for username / email , password forms
HOW CAN I CHECK FOR SQL VULNERABLE SITES ?
- U can use google dorks to search for websites, say inurl: .com/index.php?id= ..
- There are much google get the list of google dorks here
- Add ' or " or \ at the end of the .php?id= ....
If any errors occurs then u can proceed , otherwise its not hackable with sqli technique .
HACKING WITH '1 OR 1' METHOD :
- U may have username field and password field, u can log in without knowing any of these ..
- just enter a statement which is always true ,for example 1=1 ? its always true
- thus enter username : 'OR '1'='1 {or statement thus will always true }
- and the same for password,thus u got logged in ..
HACKING WITH COMMENTS
- Some of the comments we use in sql are "-- -" , "# " , " /* */" . {this is similiar to // or /* in C program }
- enter the known user name says, "admin "or the same 'OR '1'='1
- now [space] -- - or # EXAMPLE : username : admin -- -
- NO password is required u will be logged in automatically , in this method password field is just treated as a comment.
HACKING WITH ADVANCED METHOD :
sql map for pc and droidsqli for rooted droids
DROID SQLI is the known easiest sql injection method , just enter the site address and click INJECT the app will do everything for you .
Gather the tables and get the username / password from the user details tab
u will be getting password in the form of hashes , use password decrypter to retrive the password in the form of alphabets or numbers.. here is an online password decrypter
sql map for pc:
This is the most effective way and advance method , u can use this tool only if u are familiar with synatxes and command line program
SINCE SQLMAP technique takes too long, i will be updating it soon..still then start hacking and start enjoying...
No comments:
Post a Comment