Usually sites ask you to login before you can view specific information.But you can bypass it without even knowing the username or the password.The trick is SQL Injection .
Suppose you fill in the login screen like this:
User:abc
Password:pqrs
Now the script will make an enquiry to the server like this:
SELECT USER from database WHERE username=’abc’ AND password="pqrs"
Now this can be exploited in a number of ways:
username:’ or 1=’1 password:’ or 1=’1
username:’ or ’1′=’1′ password:’ or ’1′=’1′
username:or 1=1 password:or 1=1
username:'1=1-' password: [Note:after '-' remaining line is treated as comment]
There are a lot of ways out there....
Note:This post is for educational purposes only.I am not responsible for its misuse in any way.
Suppose you fill in the login screen like this:
User:abc
Password:pqrs
Now the script will make an enquiry to the server like this:
SELECT USER from database WHERE username=’abc’ AND password="pqrs"
Now this can be exploited in a number of ways:
username:’ or 1=’1 password:’ or 1=’1
username:’ or ’1′=’1′ password:’ or ’1′=’1′
username:or 1=1 password:or 1=1
username:'1=1-' password:
There are a lot of ways out there....
Note:This post is for educational purposes only.I am not responsible for its misuse in any way.
ReplyDeleteI know a real professional hacker who has worked for me twice in the past one month. He is very good at hacking anything concerning database, phone, social media and even credit report fixes. He offers legit services. He also helps to retrieve accounts that have been taken by hackers. Contact him at cybergoldenhacker at gmail dot com