Previously, we discussed about LOIC software which can be used to hack website. As a reference to that post, I am now posting a short SQL Injection tutorial in this article. There are many sites on web vulnerable to SQL injection attacks and hence, I am writing on SQL injection in this article.
SQL Injection attacks:
Out of my curiosity, I was just checking the sites vulnerable for SQL Injection attacks and I was really shocked to see that so many websites can be hacked using SQL injection.
Just Google for “adminlogin.asp” and check all the results for SQL vulnerability. My analysis concluded that more than 30% sites in initial Google search results are vulnerable to SQL injection attacks. No doubt, we hackers want some vulnerable sites to try and learn SQL injection.
How to implement SQL injection attack:
Well, I will not cover all the topic over here. To hit start the topic, I am just telling you guys what I did to enter the admin panel of these sites.
1. Go to Google and enter adminlogin.asp and hit enter to get search results.
2. Now, visit each website in search result. You will find the login page. Enter the following information:
Username: admin
Password: ‘ or ’1′=’1
and hit on Enter. You will find yourself logged in the admin control panel.
Thus, even when you are not knowing the actual admin password, you are able to hack website and access admin control panel. This is possible due to SQL Injection attack.
Note: SQL Injection has its own limits as it can be fixed by the webmaster. So, you will hardly find any reputed, important site vulnerable to SQL Injection.
In my future articles, I will post a complete tutorial on how to implement SQL Injection attacks to hack websites. Though, these SQL injection attacks can be prevented, most webmasters neglect this security measure, helping us in getting test sites. If you have any problem in this SQL injection tutorial, please mention it in comments.
Enjoy SQL Injection Tutorial to hack websites…
Article by Rajesh Chaukwale
Rajesh is a passionate tech-blogger since last 3 years. He is a Computer Science Engineering student and loves writing about computer security and blogging. You can follow him on Twitter @RajeshChaukwale
{ 3 comments… read them below or add one }
password is not working dear…
yuppy i found it here it is..
username: admin
password: ‘or’ ‘=’
Yeah, there are many such username-password combinations. Thanks for adding one to the list.