How to SQL Inject a Website, for Admin

This is my First HF Tutorial, so Please Be light on me, Thank You, and Comments will be answered via PM, Thank You
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-

Hi Everyone, Today I will be teaching you one of the MANY tutorials of SQL Injection of Administrator on a Website,

First Off, You Will need a Web-Browser obviously,

Next, You will need to type in the Google Web-Browser (Google because it brings the most Direct Web Results) -> Allinurl:adminlogin.asp


After, You must click a Website that has exactly, adminlogin.asp as the text after slash, e.g. (click here to test this,)

http://www.amskrupajal.org/AdminLogin.asp

When You have the Website open (this is an example, there are Quite a few Results) you will have to use this as the Login Details:


user: admin
password: 'or''='

^ - That is SQL Injection, what this does, Is it edits the code inside the Sent Details, and Takes Out the Authentication to allow any password for Any User (in this case, it is the Administrator as this is "adminlogin.asp")


After That you have Logged in as the Administrator, Now Some Things To Note.

1.) In This Website (the example - that is real) the password SQL String, is the main one that works, to Login as the Administrator on That site, you need that SQL String

2.) If you need a Email Address to Login as the user, then you will not be Able to, Using This Tutorial, You Will Have To Look SomeWhere Else

3.) Some Websites Disable SQL Injection Techniques, and in turn will stop SQL Injection Attacks, But there Are some edits you can have to allow SQL, But that is not in This Tutorial

/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/

Thank You Every-One For Reading,

I Tried to make this as Noob-Friendly as Possible, and is VERY EASY to use, there are SO MANY SQL Injection Strings, -

I Hope People Like This Tutorial, Any Constructive Critisicm is Accepted,

There Are Many Other Tutorials for SQL Injection, but I Wished to make a Basic Tutorial, That Allows ADMINISTRATIVE ACCESS, rather than any User Account,

Some Things That There Are Using SQL Injection for Administrative Access:

1.) You can on some websites View other User-Accounts,


2.) You can change the Admin-Password so no-one else can Access it,

3.) You can see User-Information, like if it is needed on some websites, like Phone Numbers, you can view it, (on the example link i added, you can do that, you can see the phone numbers, and addresses of peoples accounts,)

And Many More,

I hope people will Use this for GOOD PURPOSES, and Educational Purposes is for which this is made,

Thank You Once Again, And I Hope You Liked This Tutorial, Thank You,

NinjaVictoireNinja

Categories: