Sunday, February 28, 2016

SQL injection for Fun | Blackhattrick Blog

Disclaimer:
Performing this kind of activity is illegal. Please refer the article for knowledge purpose.Blog owner is not responsible if any unethical activity will done.

Hello Guys,

                Here I am again for you with new article on Sql Injection.


Here I use Google Dorks to look for Vulnerable Sites for SQL Injection. 
Note: you must know about Google hacking cheat sheet.

SQL Injection:

                SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).




Follow the Steps:

Go to Google Search for enter string below,
inurl:"/admin/_login.php /admin/_login.phpinurl:index.php?id= -

 Here I use “inurl:"/admin/_login.php” for demonstration.

After search you may open any web site to check for vulnerability.

Suppose if your web URL is: www.site.com/admin/_login.php replace _login.php with index.php,
if the web page does not change(remains as it is) then your Sql injection will work 99%.




 Almost 88% web sites are vulnerable as per study.

Try Sql injection Cheats. I will use ' or 1=1; #





Bingo!!!!!!!!!!
You got Administrator Panel Access !!!!!



Benefits:
In Organizations, Analyst/administrator can use the trick to check whether vulnerability present on the server so they can patch it on priority.

Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing