Thursday, October 7, 2010

Your First Live Hacking Technique

There are many techniques used for hacking a website. Here I am giving you a taste of the SQL injection method. SQL, OS, and LDAP injections occur when untrusted data is sent to an interpreter as part of a command or query, which lets us trick the interpreter into executing unintended commands. So, follow the steps below carefully. Most sites are now designed with SQL injection in mind, so the method below only works on poorly designed websites.

WARNING:
Any actions and/or activities related to the material contained within this website are solely your responsibility. The author and this site will not be held responsible in the event any criminal charges are brought against any individuals misusing the information on this website to break the law.

1) Go to Google and search for vulnerable ASP sites using "inurl:adminlogin.asp"



2) Choose a result

3) You will get a login window similar to this; use the data below to log in

Username : admin (it's always admin)
Password : 'or'1'='1



4) If you are lucky, you will be redirected to the Admin Panel





5) Finished, you hacked a website!

The theory behind this hack is explained below.

SQL injection is the result of weak coding. Analyzing the above example, the site uses a SQL statement similar to the one below to look up the username and password in the database and compare them with what was entered.

SELECT username, pwd FROM members WHERE username='given username' AND pwd='given password'

When we type 'or'1'='1 in the password field, it becomes

SELECT username, pwd FROM members WHERE username='admin' AND pwd=''or'1'='1'

The leading quote closes the password string early, and the rest of the input is read as SQL. Since '1'='1' is always true, the WHERE condition is true and the login proceeds. For your information, it will not work with websites made with PHP. I will explain other techniques like XSS attacks in the coming days. Happy Hacking!
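
The concatenated query described above, beside a parameterized version that treats the same input as data. This is an added example, not part of the original post; it assumes Python with an in-memory SQLite table standing in for the site's database, and the function names and the stored sample password are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the site's members table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    # Plaintext password only to mirror the query shape shown in the post.
    db.execute("CREATE TABLE members (username TEXT, pwd TEXT)")
    db.execute("INSERT INTO members VALUES ('admin', 's3cret-sample')")
    return db

def build_vulnerable_query(username, password):
    # Weak coding: input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the remainder is parsed as SQL.
    return ("SELECT username, pwd FROM members "
            "WHERE username='" + username + "' AND pwd='" + password + "'")

def login_vulnerable(db, username, password):
    row = db.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None

def login_parameterized(db, username, password):
    # Hardened: placeholders bind the input as values; the SQL text is
    # fixed, so quotes in the input are compared literally, never parsed.
    row = db.execute(
        "SELECT username, pwd FROM members WHERE username=? AND pwd=?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "'or'1'='1"  # the password value from step 3 of the post
    print(build_vulnerable_query("admin", crafted))
    print("concatenated, crafted input: ", login_vulnerable(db, "admin", crafted))
    print("parameterized, crafted input:", login_parameterized(db, "admin", crafted))
    print("parameterized, real password:", login_parameterized(db, "admin", "s3cret-sample"))
```

The same fix applies in any language: keep the SQL text constant and pass user input through the driver's parameter binding.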
