How To Hack A Website Admin Account With SQL Injection

A SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website to perform operations on the database (often to dump the database content to the attacker) other than the usual operations as intended by the designer. SQL injection is a code injection technique that exploits a security vulnerability in a website's software.




What is SQL Injection?
SQL injection is a common and well-known method of hacking at present. Using this method, an unauthorized person can access the database of the website. The attacker can get all details from the database.

How It Works?
SQL injection inserts SQL code into input that the site passes on to its MySQL database as part of a query. The injected code changes the query so that it gets past the site's login check.

What an attacker can do?
* Bypassing logins
* Accessing secret data
* Modifying contents of website
* Shutting down the MySQL server

Tips :
* Don't try this on .gov or .edu sites.
* Don't try this on sites that look really adv.
* Try on sites that don't record false logins.
* Make sure it does not say powered by and then a company name, such as Pearson.
* Use a proxy if you think you might get caught.


Step 1: Finding Vulnerable Website:
Use the Google search engine: we can find vulnerable websites (hackable websites) using a Google dork list.


Search in Google:

inurl:adminlogin.asp

Copy the above command and paste it into the Google search box.

Start from the first website. If you find a website ending with adminlogin.asp, enter the website.
At the username type in "Admin" or "Administrator" and at the password type:

  • 1'or'1'='1

How to protect your own websites from SQL injection?
Filter out characters like ' " - / \ ; NULL, etc. in all strings from:
* Input from users
* Parameters from URL
* Values from cookie
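
Character filtering on its own is easy to get wrong, so it is normally combined with binding input as query parameters. The following is an added example, not code from the original post: it uses Python's built-in sqlite3 with a constructed in-memory users table (table, column and function names are assumptions) to show why the password string above passes a login query built by string concatenation and why the same string fails against a parameterized query.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to keep the demo short; real systems store a
    # salted password hash.
    db.execute("INSERT INTO users VALUES (?, ?)", ("Admin", "s3cret-constructed"))
    return db

def login_concatenated(db, username, password):
    """Vulnerable form: user input becomes part of the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    # With the password 1'or'1'='1 the WHERE clause becomes
    #   username = 'Admin' AND password = '1' or '1'='1'
    # AND binds tighter than OR, so the always-true '1'='1' matches every row.
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened form: input is bound as data and is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def demo():
    """Run both login checks against the same inputs and collect the results."""
    db = make_db()
    injected = "1'or'1'='1"  # the password string quoted earlier on this page
    return {
        "concatenated, injected password": login_concatenated(db, "Admin", injected),
        "parameterized, injected password": login_parameterized(db, "Admin", injected),
        "parameterized, correct password": login_parameterized(db, "Admin", "s3cret-constructed"),
        "parameterized, wrong password": login_parameterized(db, "Admin", "wrong"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The same pattern applies to values taken from URL parameters and cookies: they go into the parameter tuple, never into the SQL string.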