Tuesday, June 23, 2015

Your website is not secure it's vulnerable to SQL Injection

Here, start up with some ethical hacking techniques.

In the "Ethical hacking" world, SQL Injection is important to find the loopholes in websites in order to check their security and so that these bugs could be rectified.

The biggest loophole a website can possess is - 


      Bypassing admin page
  • Every dynamic website (which keeps on changing or updating), includes an admin page, through which the admin of the website (who own or who handles it) controls the whole website, make updates, etc.
  • First of all this admin page should never be accessible to any end user, on the website. 
  • If it is, and if someone tries to bypass the username and password it asks, then what else a hacker wants. Here he becomes the admin of the website, having all the rights to do anything with the website.

Note :

Never try to bypass government websites, it might be risky.

So the first method is -

Basic SQL Injection Technique

Now I will be introducing ways you can bypass through a website ( getting through the username password in websites) using those search methods. 
So its time to apply those methods to search for websites that are vulnerable for getting bypass (which we are able to hacked or are at risk ).

Steps :

The major step involved is searching for websites in which we are able to access admin page. (We can also try to bypass other password protected pages but, as I told you, admin pages are the highest on risk as it provides admin rights to the hacker).

(a). In Google search box, use the search methods to find most certain vulnerable websites.
site:gov.in inurl:admin.php
This will give you results as website urls which provide access to their admin page (which they really should not, for security purpose).



 (b). Open a number of links in new tabs so that you can try them all for further steps.

 (c). In both username and password fields, write -
0'or'0'='0
and login.
(d). In some cases you can get through it. You will get an admin page, provided with full admin rights over the website. 

So, congratulations you are the admin now.

Note :

Please do not try to harm any working website, making changes to it, its only for learning purpose.

(e).  In many cases you might not be able to access the admin page.
It might give some error or warning.

For such websites, you might need a stronger technique.
Refer to my next post.

No comments:

Post a Comment