Basic SQL Injection Attack
Hi guys, here I'm going to teach you about SQL injection. It is one of the great vulnerabilities in most sites, but still most developers are not aware of it. It is good news for us guys, we can hack some sites very easily.
What is SQL injection? How does it work?
Don't worry, it's just a simple thing.
SQL injection attacks the database through the website. If you know .NET you will understand more about this. When you are creating a site and saving your data in a database using SQL queries, as a newbie you can make a lot of mistakes. As a result, even a single mistake shows an SQL error.
Same thing here too… What we have to do is use some invalid inputs like ( '"><=* ) etc. to create some errors in the database. If it shows some error, then we are moving forward, guys.
If you don't understand the above, don't worry, that's just theory to say how it works.
Now read it carefully..
Step 1 : The first thing you have to do is select a website that has a URL ending like this one.
Example : http://www.hackingstuffs.com/items.php?id=5
Step 2 : Check whether the site is vulnerable or not. How to check..?
Use a single quote ( ' ) mark at the end of the URL.
Example : http://www.hackingstuffs.com/items.php?id=5';
If it doesn't show any error then leave it. Search for another site.
If it shows some error like (syntax error) or (error on line table_name or anything)
You are lucky.. This site is vulnerable.
Step 3 : You have to find the login page. It's somewhat difficult, but if you find it then you can do many funny things on that site like (edit, delete, add etc).
First try it manually..
Guess what the admin page may be, like (login, admin, admin-login, admin_login). Try like this.
Example : http://www.hackingstuffs.com/login.php
If you get any login form then you are going in the right direction..
Or else, to find the login page you can also use the Havij tool. But using tools takes the interest out of hacking..
When you find the login page, open a new tab and open google.com.
In the search box type "SQL Cheat Sheet". You will get a lot of URLs; open one link, copy the code from it and paste it in the username & password boxes.
And press the login button. Oh God, it's so crazy, you are inside the website…
No need to go to Google, I will provide some SQL injection codes. Try these; most admin pages can be bypassed with these codes..
1.) 1' OR '1'='1
2.) 1 OR 1=1
4.) 1 AND 1=1
5.) 1 EXEC SP_ (or EXEC XP_)
6.) 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
On the login page, copy any of the codes from here and paste it in both username & password, and click the login button. Try the first one; if it does not log in, try the others or go to Google.
Now guys, you are in the admin page of the website, so you can do anything you want. You can delete, edit etc.; you have permission to do everything.
You can use insert table, delete table, insert column, drop column etc.
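Why a quote breaks the page and why the first code in the list logs in, next to the fix a developer should apply, as an added example that is not part of the original article. The table, the function names and the sample account are constructed for illustration, and an in-memory SQLite database stands in for the site's real database.

```python
import sqlite3

def make_db():
    # Constructed sample data; a real site would store a password hash, not plaintext.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # The newbie mistake: user input is glued into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # The fix: placeholders keep the input as data, never as SQL syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    try:
        return db.execute(sql, (username, password)).fetchone()[0] > 0
    except sqlite3.Error:
        # Fail closed and never show database errors to the visitor.
        return False

def describe(fn, db, username, password):
    # Report what a visitor would observe: True, False, or a leaked SQL error.
    try:
        return fn(db, username, password)
    except sqlite3.OperationalError as exc:
        return "SQL error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    payload = "1' OR '1'='1"   # code 1.) from the list above
    for fn in (login_vulnerable, login_parameterized):
        print(fn.__name__)
        print("  single quote  ->", describe(fn, db, "5'", "x"))
        print("  payload       ->", describe(fn, db, payload, payload))
        print("  real password ->", describe(fn, db, "admin", "s3cret-constructed"))
```

With the payload in both boxes, the concatenated WHERE clause ends in OR '1'='1', which is true for every row, so the vulnerable check passes; the parameterized check compares the whole string against the stored values and rejects it.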
Now I hope you guys understand the SQL injection attack. If any newbies have doubts, use the comment option below; lots of people are ready to clear your doubts..
But guys, you have to think once before doing this: hacking into others' sites is cyber crime and the punishment will be very severe. This is just to increase your knowledge, and the article is only for security purposes, so be aware of it.
And whoever tries this and gets success, go for advanced SQL injection on the next page..