How to #Inject Database?
I want to share how i inject low secure website and it is just for educational purpose.
Table of contents
SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures.
Source: https://www.acunetix.com/websitesecurity/sql-injection/
Back to the Point
So how you inject? here's a complete instruction for you.
First Step :
You can go through any login page of website for testing purpose. For example; http://altoromutual.com:8080/login.jsp
Second Step:
Try to login as admin. Most of the developer sets their login username as "admin" that's how a hacker get chance to access in to your system.
Now try to comment down the rest query after the username for example; admin'-- . If you know some basic knowledge of SQL you can understand how credintials work. Here the query is like; SELECT* from login_table where username="admin" && password="****". After injecting the queries it will look like this; SELECT* from login_table where username="admin" '-- && password ="****".
yup! you got the access. Congratulations!!!