How to #Inject Database?

I want to share how I inject a poorly secured website. This is just for educational purposes.

SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures.

SQL Injection

Source: https://www.acunetix.com/websitesecurity/sql-injection/


Back to the Point

So how do you inject? Here are the complete instructions.

First Step:

You can go to the login page of any website for testing purposes. For example: http://altoromutual.com:8080/login.jsp

Second Step:

Try to log in as admin. Most developers set their login username to "admin", and that is how a hacker gets a chance to access your system.

Now try to comment out the rest of the query after the username, for example: admin'-- . If you have some basic knowledge of SQL, you can understand how the credentials check works. Here the query is like: SELECT * FROM login_table WHERE username='admin' && password='****'. After injecting, the query will look like this: SELECT * FROM login_table WHERE username='admin'-- ' && password='****'. Everything after the -- is treated as a comment, so the password condition is never checked.

Yup! You got access. Congratulations!
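
Why the comment trick above works, and how a parameterized query stops it, shown as an added example that is not part of the original post. The table name follows the post's query; the function names and the sample row are assumptions, and an in-memory SQLite database stands in for the site's real one.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the post's login_table (constructed sample row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_table (username TEXT PRIMARY KEY, password TEXT)")
    # The plaintext column only mirrors the post's query; real systems store a salted hash.
    db.execute("INSERT INTO login_table VALUES ('admin', 'constructed-sample-secret')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: user input is pasted straight into the SQL text."""
    sql = ("SELECT username FROM login_table WHERE username='" + username +
           "' AND password='" + password + "'")
    # With username = admin'-- the text becomes:
    #   ... WHERE username='admin'--' AND password='...'
    # and the database ignores everything after the comment marker.
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened pattern: placeholders send input as data, never as SQL syntax."""
    sql = "SELECT username FROM login_table WHERE username=? AND password=?"
    # The driver binds the values separately, so a quote or -- in the input
    # is compared literally against the column and cannot end the string.
    return db.execute(sql, (username, password)).fetchone() is not None

def compare_handlers():
    """Run the post's input and a normal login through both handlers."""
    db = make_db()
    attempts = {
        "post_input": ("admin'--", "wrong"),
        "wrong_password": ("admin", "wrong"),
        "correct_login": ("admin", "constructed-sample-secret"),
    }
    return {
        name: {
            "concatenated": login_concatenated(db, user, pw),
            "parameterized": login_parameterized(db, user, pw),
        }
        for name, (user, pw) in attempts.items()
    }

if __name__ == "__main__":
    for name, outcome in compare_handlers().items():
        print(name, outcome)
```

Only the concatenated handler accepts the commented-out password check; the parameterized handler treats the same input as an unknown username and rejects it.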