Tuesday, April 26, 2011

SQL Injection Attacks "How to" Guide


SQL INJECTION “HOW TO” GUIDE!!!
What is SQL injection and what is it used for?

SQL injection is a type of attack in which the attacker injects malicious code into a web form, usually a user authentication box, to gain access. SQL injection takes advantage of insecure code in systems connected to the World Wide Web. For more information about SQL injection, see http://en.wikipedia.org/wiki/SQL_injection


Today I am going to show you guys how to use SQL injection to gain administrator access to vulnerable websites; below are the user name and password that I am going to use today!!

Remember that it is illegal to gain administrator access without the permission of the website administrator, and this guide is just for educational purposes, so that most websites can be protected against this type of attack.

User: Admin <-------- default user account
Password: 1'or'1'='1 <----- “malicious code”. There are many malicious SQL strings; another example could be 0'or'0'='0. In some cases you can use 1'or'1'='1 as the user account as well.

Now, to find our victim's website, we just type the following into Google, admin.login.asp, to find websites vulnerable to SQL injection.


Here we type the user name and password: user: admin, password: 1'or'1'='1



As you can see, we are inside our victim's database, as easy as that!!!

As you can see, there are some products that the website has, and the option to add a new product!

Here is the product price update screen. We are able to change the prices right here!!!!


Most of these SQL injections would not work on a well-protected website.
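To show what "well protected" means here, the following is an added example, not code from the original post or from any site shown in it. It assumes a hypothetical `users` table in an in-memory SQLite database standing in for the site's back end, and compares a login query built by string concatenation with a parameterized one, using the password string from this guide.

```python
import sqlite3

def make_db():
    # Constructed sample data. A real site would store a salted password
    # hash, not the password itself; plaintext keeps the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('Admin', 'correct-horse')")
    return db

def build_vulnerable_sql(user, password):
    # Input is pasted into the SQL text, so a quote in the input closes the
    # string literal and whatever follows is parsed as SQL.
    return ("SELECT username FROM users WHERE username = '" + user +
            "' AND password = '" + password + "'")

def login_vulnerable(db, user, password):
    row = db.execute(build_vulnerable_sql(user, password)).fetchone()
    return row is not None

def login_parameterized(db, user, password):
    # Placeholders pass the input as data; it is never parsed as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    payload = "1'or'1'='1"
    # The concatenated query ends in: password = '1'or'1'='1'
    # AND binds tighter than OR, so the WHERE clause reduces to
    # (username = ... AND password = '1') OR ('1' = '1'), true for every row.
    print(build_vulnerable_sql("Admin", payload))
    print("concatenated query accepts payload:",
          login_vulnerable(db, "Admin", payload))
    print("parameterized query accepts payload:",
          login_parameterized(db, "Admin", payload))
    print("parameterized query accepts real password:",
          login_parameterized(db, "Admin", "correct-horse"))
```

With the parameterized query the whole string 1'or'1'='1 is compared against the stored password as a literal value, so the login fails.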

Remember that it is illegal to use this on websites that you don't have permission to test.

In the next “how to” guide I will show you how to use advanced exploitation techniques to exploit secure and sophisticated websites by using applications to detect access control vulnerabilities. However, I can only show you the entrance; the rest is for you to research and learn on your own!!!