Disclaimer:
Performing this kind of activity is illegal. Please refer the article for knowledge purpose.Blog owner is not responsible if any unethical activity will done.
Hello Guys,
Here I am again for you with new article on Sql Injection.
Here I use Google Dorks to look for Vulnerable Sites for SQL Injection.
Note: you must know about Google hacking cheat sheet.
SQL Injection:
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Follow the Steps:
Go to Google Search for enter string below,
inurl:"/admin/_login.php /admin/_login.phpinurl:index.php?id= -
Here I use “inurl:"/admin/_login.php” for demonstration.
After search you may open any web site to check for vulnerability.
Suppose if your web URL is: www.site.com/admin/_login.php replace _login.php with index.php,
if the web page does not change(remains as it is) then your Sql injection will work 99%.
Try Sql injection Cheats. I will use ' or 1=1; #
Bingo!!!!!!!!!!
You got Administrator Panel Access !!!!!
Benefits:
In Organizations, Analyst/administrator can use the trick to check whether vulnerability present on the server so they can patch it on priority.