SQL injection

Basic SQL Injection Attack

Hi Guys, Here Im going to teach you about the SQL injection. It is one of the great vulnerabilities in most of the sites. But still most of the developers are not aware of it. It a good new for us guys, we can hack some sites very easily.
What is SQL injection..? How it works..?

Sql Injection

Dont worry Its just a simple thing.
Sql injection attacks the database through the Website. And if you know .net you can know more about this. When you creating a site and save your datas in a database using SQL queries, as a newbies you  can make a lot of mistakes in that. As a result of this even a single mistake shows the SQL error.

Sql Injection

Same thing here too… What we have to do is use some invalid inputs like ( ‘”><=*) etc.. to create some errors in the database. If it show some error, then we are moving forward guys.
If you dont understand the above don’t worry thats just a theory to say how it works,
Now read it carefully..
Step 1 : First thing you have to do is, select a website that containing the url at the end
.php?id=1
Example : http://www.hackingstuffs.com/items.php?id=5
Step 2 : check weather the site is vulnerable or not. How to check..?
Use single quote ( ‘ ) mark at the end of the url.
Example : http://www.hackingstuffs.com/items.php?id=5&#8217;
If if doesn’t show any error then leave it. search for other site.
If it shoes some errors like ( syntax error) or (error on line table_name or any thing )
You are lucky.. This site is vulnerable.
Step 3 : you have to find the login page, its some what difficult but if you find it then you can do many funny things on that site like (edit, delete, add etc)
First try it manually..

Sql Injection

Guess what may be the admin page like (login, admin, admin-login,admin_login) try like this.
Example : http://www.hackingstuffs.com/login.php
Example : http://www.hackingstuffs.com/admin_login.php
If you get any login form then you are going in a right direction..
or else to find the login page you can use the Havij tools also. But using tools will not be interest to hack..
When you find the login page, open a new tab and open google.com,
In the search box type ” SQL Cheat Sheet “, you can get a lot of urls and open one link and copy the code from that and paste in Username & password box.
And press login button, Oh God its so crazy you are inside the website…
No need to go to google I will provide some SQL Injection codes try on this most of the admin page will bypass in this codes..
1.)      1′ OR ‘1’=’1
2.)      1 OR 1=1
3.)      1’1
4.)     1 AND 1=1
5.)     1 EXEC SP_ (or EXEC XP_)
6.)     1′ AND 1=(SELECT COUNT(*) FROM tablenames); —
In the login page copy any of the code from here and paste it in both username & password. And click the login button. Try the first one, if its not login try for others or go to google.
Now Guys you are in the admin page of the website, So you can do any thing you want. You delete, edit etc, youy have the permit to do ever thing.
You can use insert table, detele table, insert coloumn, drop coloumn etc.

Sql Injection

Now I hope you guys undersand the SQL Injection Attack. And any newbies have doubt use the comment options below, lot of peoples are ready to clear your doubts..
But Guys you have to think once that hacking into others site is cyber crime and the punishment will be very severe. This is just to increase your knowledge and the Article is only for Security purpose so be aware of it. Before doing this